Jaguar Land Rover Manufacturing Disruption and Recovery Following Major Cyberattack
Jaguar Land Rover (JLR), one of the United Kingdom's most significant automotive manufacturers, experienced a severe operational disruption after a major cyberattack forced the company to shut down its systems on September 1, 2025. The attack led to the suspension of manufacturing activities at JLR's main production plants in the UK, as well as assembly lines in Slovakia, Brazil, and India. For over a month, the company was unable to produce vehicles or book sales, resulting in substantial financial losses estimated at £5-10 million ($6-13 million) per day. The cumulative impact of the downtime could reach £2.2 billion ($2.9 billion) in lost revenue and £150 million ($202 million) in lost profit. The Wolverhampton engine factory is the first site scheduled to resume operations, with Solihull and Halewood plants expected to follow in a phased approach. The restart process is anticipated to take several weeks before all facilities return to normal production levels. The disruption also had a cascading effect on JLR's extensive supply chain, with reports of job losses and financial strain among suppliers. In response to the crisis, the UK government provided a £1.5 billion ($2 billion) loan guarantee to help stabilize the company and protect jobs across the supply chain. However, industry groups such as the Confederation of British Metalforming have raised concerns that the financial aid has not yet reached suppliers beyond JLR's first-tier contractors, potentially leaving smaller businesses vulnerable. The Unite workers' union and other stakeholders welcomed the government intervention but cautioned that the support may not be sufficient for a full recovery, especially for smaller suppliers. The cyberattack is considered one of the most severe crises in JLR's history, surpassing previous challenges such as the global financial crisis, the COVID-19 pandemic, and the semiconductor shortage. The company and its workforce are now focused on restoring operations and mitigating the long-term economic impact of the incident. The phased resumption of manufacturing is expected to gradually restore activity throughout JLR's network, but the full financial and operational recovery may take considerable time. The incident underscores the vulnerability of critical manufacturing infrastructure to cyber threats and the far-reaching consequences such attacks can have on national economies and employment. JLR's experience highlights the importance of robust cybersecurity measures and contingency planning for large-scale industrial organizations. The company's recovery efforts are being closely monitored by industry observers, government officials, and the broader business community. The event has prompted renewed discussions about supply chain resilience and the need for coordinated responses to cyber incidents affecting critical sectors.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
7 events from the most recent confirmed update back to the earliest known activity.
JLR begins phased restoration of manufacturing
On October 6, 2025, Jaguar Land Rover started a phased restart of operations after the month-long shutdown. The company planned to resume first at its Wolverhampton engine plant, followed by sites including Nitra and Solihull.
JLR launches supplier financing support measures
To help restart production and stabilize its supply chain, JLR introduced a financing scheme offering qualifying suppliers accelerated payments and up-front cash. The company also secured two loans, including one backed by the British government.
UK government guarantees £1.5 billion loan for JLR
Amid concerns over jobs and supplier impacts, the UK government guaranteed a £1.5 billion loan to Jaguar Land Rover, repayable over five years, to support recovery. Industry groups and unions warned the support might not be enough and said funds had not yet reached smaller suppliers.
Aston Martin cites related cyber fallout in Q3 outlook
Aston Martin said a cyber incident at a major UK automotive manufacturer contributed to reduced Q3 wholesale volume projections, indicating spillover effects from the JLR disruption. The company did not name JLR directly in the cited reporting.
Threat actor claims responsibility and later announces disputed closure
A group calling itself "Scattered Lapsus$ Hunters" claimed responsibility for the intrusion and later said in mid-September that it was shutting down, though that closure was disputed. JLR did not publicly disclose technical details of the breach.
Attack causes prolonged production halt and supplier disruption
Over the following weeks, JLR's global production remained halted, creating major supply-chain disruption and reportedly costing the company millions of pounds per day. The impact extended beyond JLR, with suppliers and smaller firms facing financial strain.
Cyberattack begins disrupting Jaguar Land Rover operations
A cyberattack against Jaguar Land Rover began on September 1, 2025, triggering a shutdown that disrupted manufacturing and dealership operations in the UK, Slovakia, Brazil, and India. The incident reportedly also prevented the company from booking sales from September onward.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
4 references tracked. Mallory keeps watching after this page renders.
Jaguar Land Rover to restart production following cyberattack
therecord.media
Open sourceJaguar Land Rover: Production Halted Post-Hack
securityboulevard.com
Open sourceJaguar Land Rover engines ready to roar again after weeks-long cyber stall
go.theregister.com
Open sourceJaguar Land Rover Slowly Starts Making Cars Again
govinfosecurity.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Jaguar Land Rover Operational Disruption Following Major Cyberattack
Jaguar Land Rover (JLR), the luxury automotive manufacturer and subsidiary of Tata Motors, experienced a significant operational outage due to a major cyberattack that forced the company to shut down its manufacturing systems. The incident led to a month-long disruption, with JLR initiating a controlled, phased restart of its manufacturing operations only after extensive downtime. Initially, the company stated that customer data did not appear to be compromised, but this position was revised a week later, indicating evolving understanding of the breach’s impact. Financially, the attack was devastating, with estimated losses ranging from $50 million to $70 million per week, and the total cost projected between $1.7 billion and $2.4 billion. The attack not only halted production but also highlighted the vulnerability of even large, resource-rich corporations to operationally crippling cyber incidents. Industry experts noted that this event went far beyond typical data theft, resulting in a complete operational outage that severely impacted JLR’s supply chain and business continuity. The British government responded by guaranteeing a £1.5 billion (approximately $2 billion) commercial bank loan to JLR, providing financial support as the company and its suppliers worked to recover from the disruption. This government-backed loan is structured so that JLR is responsible for repayment, but the lender is protected by the government guarantee in case of default. The incident has been cited as a case study in the high costs and business risks associated with ransomware and other forms of cyberattacks targeting critical manufacturing operations. Experts warn that automakers are increasingly attractive targets for ransomware gangs, as operational outages can pressure companies into paying ransoms quickly. Historical context shows that other major automakers, such as Honda, have also suffered significant outages due to cyberattacks, underscoring the sector’s susceptibility. The JLR attack has prompted renewed calls for robust incident response planning, improved cyber resilience, and greater investment in cybersecurity for operational technology environments. The event also demonstrates the potential for cyber incidents to have cascading effects across national economies, prompting government intervention to stabilize affected industries. As JLR resumes operations, the long-term impact on its reputation, supply chain relationships, and financial health remains under close scrutiny by industry observers and stakeholders.
Mar 21, 2026
Jaguar Land Rover Cyberattack Causes Massive Economic Disruption in the UK
Jaguar Land Rover (JLR) suffered a major cyberattack that resulted in the shutdown of its manufacturing operations for over a month, causing significant disruption across its supply chain and dealership network. The incident, which began in late August 2025, affected JLR’s IT systems and halted production at key plants in Solihull, Halewood, and Wolverhampton. More than 5,000 organizations in the UK were impacted, including suppliers and downstream businesses, as orders were canceled or delayed and dealer systems went offline. The Cyber Monitoring Centre (CMC), a nonprofit specializing in cyber incident analysis, estimated the economic impact at £1.9 billion ($2.5 billion), making it the most economically damaging cyber event in UK history. The CMC classified the event as a "Category 3 systemic event," indicating a severe but not the highest level of national impact. The financial estimate was based on a modeled range of £1.6 billion to £2.1 billion and only considered the UK, suggesting the global impact could be even greater. The disruption to JLR’s operations threatened the viability of businesses in its supply chain, putting thousands of jobs at risk and prompting calls for government intervention. In response, the UK government provided emergency financial support amounting to £1.5 billion to help JLR recover and stabilize its operations, although the CMC noted that the full cost to taxpayers might not materialize if the support is not fully utilized. JLR also launched a financing scheme to provide up-front cash to suppliers facing financial hardship due to the shutdown. The incident highlighted the systemic risk posed by cyberattacks to critical manufacturing sectors and the broader economy, with experts warning that cyber resilience is now a matter of national security. The event underscored the interconnectedness of modern supply chains and the cascading effects a single cyber incident can have across multiple industries. The CMC’s analysis emphasized the need for organizations to strengthen their cyber defenses to prevent similar large-scale disruptions in the future. The government’s intervention in this case could set a precedent for future responses to major cyber incidents affecting national infrastructure. The attack’s impact on JLR, which accounts for roughly 4% of all British goods exports, demonstrates the potential for cyber threats to undermine key economic sectors. The event has sparked debate about the adequacy of current cyber insurance and risk management practices in the face of systemic cyber threats. Industry leaders and policymakers are now reassessing strategies to bolster cyber resilience and protect critical supply chains from future attacks. The JLR cyberattack serves as a stark warning of the far-reaching consequences of cyber incidents on both organizational and national levels.
Mar 21, 2026
Jaguar Land Rover Factory Shutdown Following Major Cyberattack
Jaguar Land Rover (JLR) suffered a significant cyberattack in late August 2025 that forced the shutdown of several major manufacturing plants across the UK, including Solihull and Halewood. The attack began as what appeared to be a minor IT issue but quickly escalated, with hackers damaging critical servers responsible for production schedules and supplier payments. As a result, production lines halted, screens froze, and workers were left idle on the factory floor, leading to a complete stop in vehicle manufacturing for several weeks. The impact of the cyberattack extended far beyond JLR itself, severely disrupting its extensive supply chain and prompting rare financial intervention from the UK government. The Bank of England cited the JLR incident as a key factor in the country's slower-than-expected GDP growth for Q3 2025, marking the first time a cyberattack has caused material economic harm at a national level. The Cyber Monitoring Centre classified the event as a Category 3 systemic incident, with estimated losses to the local economy reaching up to £2.1 billion, and direct harm to JLR alone exceeding £2 billion in lost revenues.
Mar 21, 2026