US Finance Breach, Disappointing Black Friday, JLR Cyber Incident

From a product strategy perspective, DMARC reporting is evolving from a security tool to a business intelligence platform, says Brad Slavin, General Manager of DuoCircle. The data in aggregate reports tells you not just who’s spoofing you, but who’s sending legitimate email on your behalf - and whether they’re doing it correctly.

					DMARC Report					

				

US Finance Breach, Disappointing Black Friday, JLR Cyber Incident

					<button title="Play" aria-label="Play Episode" aria-pressed="false" class="play-btn">
						

Play Episode

					</button>
					<button title="Pause" aria-label="Pause Episode" aria-pressed="false" class="pause-btn hide">
						

Pause Episode

					</button>
					


				

				

					<audio preload="none" class="clip clip-34170">
						<source src="https://media.mailhop.org/dmarcreport/images/2025/11/US-Finance-Breach-Disappointing-Black-Friday-JLR-Cyber-Incident.mp3">
					</audio>
					

						

					

					

						

							<button class="player-btn player-btn__volume" title="Mute/Unmute">
								

Mute/Unmute Episode

							</button>
							<button data-skip="-10" class="player-btn player-btn__rwd" title="Rewind 10 seconds">
								

Rewind 10 Seconds

							</button>
							<button data-speed="1" class="player-btn player-btn__speed" title="Playback Speed" aria-label="Playback Speed">1x</button>
							<button data-skip="30" class="player-btn player-btn__fwd" title="Fast Forward 30 seconds">
								

Fast Forward 30 seconds

							</button>
						

						

							<time class="ssp-timer">00:00</time>
							

/

							<!-- We need actual duration here from the server -->
							<time class="ssp-duration" datetime="PT0H2M21S">2:21</time>
						

					

				

			

								<nav class="player-panels-nav">
												<button class="subscribe-btn" id="subscribe-btn-34170" title="Subscribe">Subscribe</button>
																		<button class="share-btn" id="share-btn-34170" title="Share">Share</button>
										</nav>
						

	



		

						

				

					

					

				

				

					

																																																																								

					

						

RSS Feed

							<input value="https://dmarcreport.com/feed/podcast/dmarc-report" class="input-rss input-rss-34170" title="RSS Feed URL" readonly />
						

						<button class="copy-rss copy-rss-34170" title="Copy RSS Feed URL" aria-label="Copy RSS Feed URL"></button>
					

				

			

									

				

					

					

				

				

					

						Share						

					

						<a href="https://www.facebook.com/sharer/sharer.php?u=https://dmarcreport.com/blog/podcast/us-finance-breach-disappointing-black-friday-jlr-cyber-incident/&t=US Finance Breach, Disappointing Black Friday, JLR Cyber Incident" target="blank" rel="noopener noreferrer" class="share-icon facebook" title="Share on Facebook">
							

						</a>
						<a href="https://twitter.com/intent/tweet?text=https://dmarcreport.com/blog/podcast/us-finance-breach-disappointing-black-friday-jlr-cyber-incident/&url=US Finance Breach, Disappointing Black Friday, JLR Cyber Incident" target="blank" rel="noopener noreferrer" class="share-icon twitter" title="Share on Twitter">
							

						</a>
						<a href="https://media.mailhop.org/dmarcreport/images/2025/11/US-Finance-Breach-Disappointing-Black-Friday-JLR-Cyber-Incident.mp3" target="blank" rel="noopener noreferrer" class="share-icon download" title="Download" download>
							

						</a>
					

				

				

					

						Link						

					

						<input value="https://dmarcreport.com/blog/podcast/us-finance-breach-disappointing-black-friday-jlr-cyber-incident/" class="input-link input-link-34170" title="Episode URL" readonly />
					

					<button class="copy-link copy-link-34170" title="Copy Episode URL" aria-label="Copy Episode URL" readonly=""></button>
				

				

					

						Embed						

					

/*! This file is auto-generated */ ’ title=“Embed Code” class=“input-embed input-embed-34170” readonly/>

					<button class="copy-embed copy-embed-34170" title="Copy Embed Code" aria-label="Copy Embed Code"></button>
				

			

				

Hello people! We are back once again with the last edition of November. In the previous week, cybercrooks attempted to steal the data and peace of mind of hundreds and thousands of victims. We are here to share the top 3 head-turning incidents of the past week with you so that you can **stay well-versed with the latest trends in the cybersecurity landscape.

Our focus will be on one of the major cyberattacks of recent times on the US financial sector. Next, we will talk about how threat actors are abusing the Black Friday trend. Lastly, our focus will be on the Jaguar Land Rover cyberattack case.

If you wish to know more about these key cyber incidents, stay with us!

Major cyberattack on the US finance sector, customer data compromised!

The last day turned out to be extremely hectic and stressful for the US finance sector, as some of the biggest US banks spent hours evaluating a massive cyberattack. Cybercrooks didn’t target any specific bank directly. Rather, they attacked SitusAMC. It is one of the major real estate and mortgage servicing technology vendors that is accountable for managing sensitive data for multiple banks.

As of 2025, DMARC is mandatory under multiple compliance frameworks. CISA BOD 18-01 requires p=reject for US federal domains. PCI DSS v4.0 mandates DMARC for organizations processing payment card data as of March 2025. Google and Yahoo require DMARC for bulk senders (5,000+ messages/day) since February 2024, and Microsoft began rejecting non-compliant email in May 2025. The UK NCSC, Australia’s ASD, and Canada’s CCCS all mandate DMARC for government domains. Cyber insurers increasingly require DMARC enforcement as an underwriting condition.

The company got targeted by cybercrooks on 12 November. For the last two weeks, forensic teams have been investigating the cyberattack. They are trying to evaluate the data that has been accessed by the cybercrooks and the extent of the damage.

Since SitusAMC offers services like mortgage processing, real estate loans, underwriting, and collections etc, there’s a high risk of the threat actors getting access to personal data related to housing and mortgages. Industry leaders like Citibank, Morgan Stanley, and JPMorgan Chase have been informed about potential customer data exposure.

The compromised information may include crucial data such as bank account details, social security numbers, income and tax filings, property-related identification records, loan applications, and so on. Such data can be used easily by threat actors to carry out cyber frauds like impersonation, loan fraud, identity theft, and so on.

Implementing SPF, DKIM, and DMARC helps prevent email spoofing and protects sensitive financial and personal data from cyberattacks.

Not a very happy Black Friday for the shopaholics!

Threat actors get very active around specific times, such as the holiday season and Black Friday sales. This Black Friday, the cybercrooks started targeting shoppers left, right, and center, trying to misuse the global e-commerce event.

A report by Kaspersky has stated that threat actors are targeting gaming platforms, digital marketplaces, and shoppers. Around 6.4 million phishing attempts have already been made. The sudden rise in cases is directly linked to the rapid proliferation of e-commerce around the world. Other factors like online payment platforms, easy access to smartphones, and consumer adoption have added to the number of threats.

The ongoing threat campaigns are luring the **Black Friday shoppers with compelling malicious websites, payment pages, and banking interfaces. Too-hard-to-ignore Black Friday discounts, cloned designs, and spam emails are used to trick the buyers into sharing their payment details in order to complete the purchase and place an order.

eCommerce biggies like Alibaba, Walmart, eBay , etc. are experiencing multiple impersonation campaigns. Amazon also experienced over 600,000 phishing attempts. Threat actors are also targeting subscription-based service providers such as Spotify and Netflix, as these platforms also gain popularity around the Black Friday sales period.

Cybersecurity experts recommend **using safe payment methods and two-factor authentication. Double-checking the URLs and email senders is also a must before proceeding with checkout. Also, investing in a high-end cyber protection solution is highly recommended for shopaholics.

Jaguar Land Rover’s loss amounts to $220 million due to the cyber incident!

JLR recently published its financial results for **July 1 to September 30 and stated that the cyberattack has cost a whopping $220 million. The cyber mishap took place back in September. As a result, Jaguar Land Rover had to shut down its entire production units. Even the staff was sent back home. The attack was allegedly carried out by the notorious Scattered Lapsus$ Hunters.

The disruption was so severe that JLR experienced severe financial and market risks. The UK government decided to intervene and approved a loan of almost $2 billion in order to help JLR get back on track and restore the supply chain network.

The financial results of JLR are a clear indicator that the cyberattack has left a massive dent in its profits. They have clearly mentioned that the “**decrease in profitability is largely due to the cyber incident.”

Despite facing a tumultuous time, **Jaguar Land Rover has managed to stabilize all its operations, which include parts logistics, wholesale, as well as supplier financing.

Such incidents are a stark reminder that no one is safe from threats. From industry leaders to individuals, everyone must focus on cybersecurity to protect themselves against sophisticated cyberattacks.

Sources

• CISA Binding Operational Directive 18-01
• Microsoft Outlook DMARC Enforcement May 2025 (2025)
• PCI DSS v4.0 - DMARC Requirement (2025)