What happened
Bajaj Auto disclosed that it was hit by a ransomware attack affecting systems at both the parent company and its wholly owned technology subsidiary, Bajaj Auto Technology Ltd.
The incident was detected at approximately 8:00 AM IST on June 23, 2026. Bajaj Auto confirmed the breach in a regulatory filing and said the attack affected its IT infrastructure and BATL’s systems.
After detecting the intrusion, the company’s internal technical team, external cybersecurity experts, and senior management responded to contain the incident. Bajaj Auto said it initiated precautionary actions and protocols to reduce the impact of the attack.
The company said its containment efforts have so far been successful in mitigating the impact. However, Bajaj Auto has not disclosed the full scope of the disruption.
The company has not yet said whether sensitive data was stolen, whether manufacturing operations were affected, whether supply chain systems were disrupted, or whether business continuity was materially impacted.
Bajaj Auto formally notified the Indian Computer Emergency Response Team under India’s Information Technology Act, 2000. The company also disclosed the incident under Regulation 30 of the SEBI Listing Obligations and Disclosure Requirements Regulations, 2015.
No ransomware group or threat actor has been attributed to the attack so far.
Who is affected
Bajaj Auto and Bajaj Auto Technology Ltd are directly affected by the ransomware attack.
The incident affects the company’s IT infrastructure and BATL’s systems, though the full operational and data impact has not yet been disclosed.
Because Bajaj Auto is one of India’s largest producers of motorcycles and three-wheeled commercial vehicles, any prolonged disruption could affect production, supply chain coordination, dealer operations, customer service, or internal business systems.
Suppliers, partners, dealers, and customers may also be indirectly affected if the ransomware attack causes delays or limits access to business services, though Bajaj Auto has not confirmed such downstream disruption.
Why CISOs should care
This incident highlights the ransomware exposure facing large manufacturers and automotive companies. Even when operational impact is not immediately confirmed, ransomware affecting IT infrastructure can quickly create risk for production planning, supply chain coordination, logistics, finance, and customer-facing services.
For CISOs, the involvement of both the parent company and its technology subsidiary is especially important. Technology subsidiaries often support digital systems, development work, shared platforms, or operational services, making them valuable targets during ransomware campaigns.
The regulatory disclosure is also notable. Bajaj Auto notified CERT-In and disclosed the event under SEBI requirements, showing how ransomware incidents now intersect with cybersecurity reporting, investor transparency, and corporate governance.
The lack of confirmed details about data theft, manufacturing impact, and threat actor attribution should not reduce urgency. In ransomware events, organizations need to investigate both encryption and exfiltration risk while maintaining business continuity.
3 practical actions
- Separate ransomware containment from business continuity recovery: Bajaj Auto said it activated precautionary actions and containment protocols. CISOs should ensure ransomware playbooks cover both technical isolation and restoration of critical business services such as manufacturing planning, logistics, finance, and customer operations.
- Assess subsidiary and shared-service exposure: The attack affected both Bajaj Auto and Bajaj Auto Technology Ltd. Security teams should review access paths between parent companies, technology subsidiaries, shared platforms, and operational environments to limit lateral movement during ransomware incidents.
- Prepare regulatory and stakeholder communications early: Bajaj Auto notified CERT-In and disclosed the incident under SEBI requirements. Organizations should define reporting thresholds, legal review workflows, customer communications, and investor disclosure processes before a ransomware event occurs.
John Kevin Hao is a news and feature writer covering cybersecurity, technology, and business targeted for professional audiences.