Jaguar Land Rover Operational Disruption Following Major Cyberattack
Jaguar Land Rover (JLR), the luxury automotive manufacturer and subsidiary of Tata Motors, experienced a significant operational outage due to a major cyberattack that forced the company to shut down its manufacturing systems. The incident led to a month-long disruption, with JLR initiating a controlled, phased restart of its manufacturing operations only after extensive downtime. Initially, the company stated that customer data did not appear to be compromised, but this position was revised a week later, indicating evolving understanding of the breach’s impact. Financially, the attack was devastating, with estimated losses ranging from $50 million to $70 million per week, and the total cost projected between $1.7 billion and $2.4 billion. The attack not only halted production but also highlighted the vulnerability of even large, resource-rich corporations to operationally crippling cyber incidents. Industry experts noted that this event went far beyond typical data theft, resulting in a complete operational outage that severely impacted JLR’s supply chain and business continuity. The British government responded by guaranteeing a £1.5 billion (approximately $2 billion) commercial bank loan to JLR, providing financial support as the company and its suppliers worked to recover from the disruption. This government-backed loan is structured so that JLR is responsible for repayment, but the lender is protected by the government guarantee in case of default. The incident has been cited as a case study in the high costs and business risks associated with ransomware and other forms of cyberattacks targeting critical manufacturing operations. Experts warn that automakers are increasingly attractive targets for ransomware gangs, as operational outages can pressure companies into paying ransoms quickly. Historical context shows that other major automakers, such as Honda, have also suffered significant outages due to cyberattacks, underscoring the sector’s susceptibility. The JLR attack has prompted renewed calls for robust incident response planning, improved cyber resilience, and greater investment in cybersecurity for operational technology environments. The event also demonstrates the potential for cyber incidents to have cascading effects across national economies, prompting government intervention to stabilize affected industries. As JLR resumes operations, the long-term impact on its reputation, supply chain relationships, and financial health remains under close scrutiny by industry observers and stakeholders.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
4 events from the most recent confirmed update back to the earliest known activity.
JLR works with UK NCSC and law enforcement to restore operations
Following the attack, Jaguar Land Rover worked with the UK National Cyber Security Centre, law enforcement, and cybersecurity specialists to restore operations safely. The response focused on recovery after the prolonged manufacturing disruption.
Scattered Lapsus$ Hunters claims responsibility for JLR attack
A group calling itself 'Scattered Lapsus$ Hunters' reportedly claimed the cyberattack against Jaguar Land Rover. Reporting indicated the attackers demonstrated deep knowledge of JLR's network and timing.
Cyberattack forces Jaguar Land Rover to shut manufacturing systems
Jaguar Land Rover suffered a major cyberattack that caused a month-long operational outage and forced the company to shut down manufacturing systems. The attack disrupted both IT and OT environments and was later linked to estimated losses of $1.7 billion to $2.4 billion.
HELLCAT leaks internal Jaguar Land Rover documents
In March 2025, the HELLCAT ransomware group leaked internal Jaguar Land Rover documents in a prior breach. Later reporting suggested attackers may have retained persistent access from this earlier compromise.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Jaguar Land Rover Manufacturing Disruption and Recovery Following Major Cyberattack
Jaguar Land Rover (JLR), one of the United Kingdom's most significant automotive manufacturers, experienced a severe operational disruption after a major cyberattack forced the company to shut down its systems on September 1, 2025. The attack led to the suspension of manufacturing activities at JLR's main production plants in the UK, as well as assembly lines in Slovakia, Brazil, and India. For over a month, the company was unable to produce vehicles or book sales, resulting in substantial financial losses estimated at £5-10 million ($6-13 million) per day. The cumulative impact of the downtime could reach £2.2 billion ($2.9 billion) in lost revenue and £150 million ($202 million) in lost profit. The Wolverhampton engine factory is the first site scheduled to resume operations, with Solihull and Halewood plants expected to follow in a phased approach. The restart process is anticipated to take several weeks before all facilities return to normal production levels. The disruption also had a cascading effect on JLR's extensive supply chain, with reports of job losses and financial strain among suppliers. In response to the crisis, the UK government provided a £1.5 billion ($2 billion) loan guarantee to help stabilize the company and protect jobs across the supply chain. However, industry groups such as the Confederation of British Metalforming have raised concerns that the financial aid has not yet reached suppliers beyond JLR's first-tier contractors, potentially leaving smaller businesses vulnerable. The Unite workers' union and other stakeholders welcomed the government intervention but cautioned that the support may not be sufficient for a full recovery, especially for smaller suppliers. The cyberattack is considered one of the most severe crises in JLR's history, surpassing previous challenges such as the global financial crisis, the COVID-19 pandemic, and the semiconductor shortage. The company and its workforce are now focused on restoring operations and mitigating the long-term economic impact of the incident. The phased resumption of manufacturing is expected to gradually restore activity throughout JLR's network, but the full financial and operational recovery may take considerable time. The incident underscores the vulnerability of critical manufacturing infrastructure to cyber threats and the far-reaching consequences such attacks can have on national economies and employment. JLR's experience highlights the importance of robust cybersecurity measures and contingency planning for large-scale industrial organizations. The company's recovery efforts are being closely monitored by industry observers, government officials, and the broader business community. The event has prompted renewed discussions about supply chain resilience and the need for coordinated responses to cyber incidents affecting critical sectors.
Mar 21, 2026
Jaguar Land Rover Production Disruption and Financial Losses from Cyberattack
Jaguar Land Rover (JLR), owned by Tata Motors, suffered a significant cyberattack that forced the shutdown of major production plants in the UK, resulting in exceptional costs of approximately £196 million ($220–258 million) for the quarter ending September 30. The attack, claimed by the Scattered Lapsus$ Hunters group, led to the theft of company data, halted manufacturing operations, and caused severe liquidity issues for both JLR and some of its suppliers. The disruption persisted for weeks, with the UK government stepping in to provide a £1.5 billion loan guarantee to stabilize the supply chain and facilitate a phased restart of production by early October. The financial impact of the incident was substantial, with JLR's quarterly revenue dropping from £6.5 billion to £4.9 billion year-over-year, and profitability turning negative. The company reported a loss before tax and exceptional items of £485 million for Q2, compared to a profit of £398 million the previous year. The Bank of England cited the JLR cyberattack as a key factor in the country's weaker-than-expected GDP for Q3 2025. Despite the disruption, JLR has since restored its operations, including wholesale, parts logistics, and supplier financing, and has maintained its investment spending levels.
Mar 21, 2026
Jaguar Land Rover Cyberattack Causes Massive Economic Disruption in the UK
Jaguar Land Rover (JLR) suffered a major cyberattack that resulted in the shutdown of its manufacturing operations for over a month, causing significant disruption across its supply chain and dealership network. The incident, which began in late August 2025, affected JLR’s IT systems and halted production at key plants in Solihull, Halewood, and Wolverhampton. More than 5,000 organizations in the UK were impacted, including suppliers and downstream businesses, as orders were canceled or delayed and dealer systems went offline. The Cyber Monitoring Centre (CMC), a nonprofit specializing in cyber incident analysis, estimated the economic impact at £1.9 billion ($2.5 billion), making it the most economically damaging cyber event in UK history. The CMC classified the event as a "Category 3 systemic event," indicating a severe but not the highest level of national impact. The financial estimate was based on a modeled range of £1.6 billion to £2.1 billion and only considered the UK, suggesting the global impact could be even greater. The disruption to JLR’s operations threatened the viability of businesses in its supply chain, putting thousands of jobs at risk and prompting calls for government intervention. In response, the UK government provided emergency financial support amounting to £1.5 billion to help JLR recover and stabilize its operations, although the CMC noted that the full cost to taxpayers might not materialize if the support is not fully utilized. JLR also launched a financing scheme to provide up-front cash to suppliers facing financial hardship due to the shutdown. The incident highlighted the systemic risk posed by cyberattacks to critical manufacturing sectors and the broader economy, with experts warning that cyber resilience is now a matter of national security. The event underscored the interconnectedness of modern supply chains and the cascading effects a single cyber incident can have across multiple industries. The CMC’s analysis emphasized the need for organizations to strengthen their cyber defenses to prevent similar large-scale disruptions in the future. The government’s intervention in this case could set a precedent for future responses to major cyber incidents affecting national infrastructure. The attack’s impact on JLR, which accounts for roughly 4% of all British goods exports, demonstrates the potential for cyber threats to undermine key economic sectors. The event has sparked debate about the adequacy of current cyber insurance and risk management practices in the face of systemic cyber threats. Industry leaders and policymakers are now reassessing strategies to bolster cyber resilience and protect critical supply chains from future attacks. The JLR cyberattack serves as a stark warning of the far-reaching consequences of cyber incidents on both organizational and national levels.
Mar 21, 2026