ET Now reported that Bajaj Auto said its manufacturing, sales, and service operations continue normally despite the cybersecurity incident reported
The June 29 update appeared in ET Now’s stocks-to-watch coverage and listed Bajaj Auto as in focus because operations remained normal after the incident.
Earlier reporting on the incident said Bajaj Auto disclosed a ransomware attack affecting systems at the company and its wholly owned subsidiary, Bajaj Auto Technology Ltd.
Bajaj Auto previously said its technical team, cybersecurity experts, and management initiated precautionary actions and response protocols to mitigate the incident.
Earlier reporting also said Bajaj Auto informed the Indian Computer Emergency Response Team under applicable regulatory requirements.
Bajaj Auto says its manufacturing, sales, and service operations are continuing normally after a cybersecurity incident first reported on June 23, 2026. The incident involved a ransomware attack affecting systems at Bajaj Auto and its wholly owned subsidiary, Bajaj Auto Technology Ltd.
For enterprise security leaders, that distinction matters. Operational continuity does not automatically mean the incident is fully contained, the blast radius is understood, or downstream risk has been eliminated.
Ransomware response is not only about keeping production lines, dealer networks, and customer services running. It is also about validating endpoint integrity, checking for lateral movement, reviewing identity exposure, and ensuring continuity does not mask unresolved compromise.
How to Evaluate an XDR Vendor for Your Security Stack
Learn how to evaluate an XDR vendor by comparing telemetry, integrations, detection accuracy, response, and long-term value.
Assessing the Enterprise Impact
This Bajaj Auto cybersecurity incident was previously disclosed as a ransomware attack. It affected systems at Bajaj Auto and its wholly owned subsidiary, Bajaj Auto Technology Ltd. (BATL). The company has confirmed that business operations continue normally. However, it has not publicly disclosed the full technical scope of the compromise. It has also not confirmed whether any data was accessed or exfiltrated.
In manufacturing environments, an incident of this nature can extend well beyond a single set of endpoints. Depending on the organization’s architecture, investigators may need to assess exposure across:
Corporate IT systems supporting business operations
Engineering and product development platforms
Shared identity and authentication services
Enterprise endpoint fleets
Third-party vendor and supplier access
Dealer support and customer-facing systems
Production-adjacent IT infrastructure that interfaces with operational environments
Maintaining production is only one measure of successful incident response. Security teams still need to determine whether attackers established persistence, compromised privileged credentials, moved laterally between the parent company and subsidiary environments, staged data for exfiltration, or left behind tooling that could enable future access. Until those questions are answered through forensic investigation, business continuity should not be treated as evidence that the environment is fully secure.
Featured Resource
Introduction to Hexnode
Download to explore Hexnode's approach to simplify device management.
Recovering from a ransomware incident requires more than restoring systems. Security teams need continuous visibility into managed devices. They must isolate risks and prevent compromised endpoints from reconnecting to the enterprise environment until they validate those devices.
Hexnode UEM helps organizations strengthen their post-incident response by enabling IT teams to:
Maintain visibility into managed endpoints and their security posture.
Enforce device compliance and security policies to reduce the risk of non-compliant or compromised devices accessing corporate resources.
Deploy patches and configuration updates to address known vulnerabilities and restore approved security baselines.
Execute remote device management actions, helping administrators contain or remediate affected devices as part of the incident response process.
Organizations using Hexnode’s endpoint security capabilities can investigate endpoint activity in greater detail. Security teams can identify indicators of compromise, such as suspicious process execution, credential misuse, lateral movement, ransomware-related behavior, and persistence mechanisms. Combined with identity-aware access controls and device compliance policies, these capabilities strengthen endpoint security. They also prevent unmanaged or potentially compromised devices from accessing critical business applications. Access is restored only after the devices meet the organization’s security requirements.
Try Hexnode Free for 14 Days
Strengthen your ransomware readiness with unified endpoint management. Try Hexnode today.
I’m a technical content writer at Hexnode who loves simplifying tech. I break down complex ideas, remove the fluff, and help readers clearly understand our product for what it actually is: simple, reliable, and built to solve real problems.