Jaguar Land Rover Cyberattack Causes Massive Economic Disruption in the UK
Jaguar Land Rover (JLR) suffered a major cyberattack that resulted in the shutdown of its manufacturing operations for over a month, causing significant disruption across its supply chain and dealership network. The incident, which began in late August 2025, affected JLR’s IT systems and halted production at key plants in Solihull, Halewood, and Wolverhampton. More than 5,000 organizations in the UK were impacted, including suppliers and downstream businesses, as orders were canceled or delayed and dealer systems went offline. The Cyber Monitoring Centre (CMC), a nonprofit specializing in cyber incident analysis, estimated the economic impact at £1.9 billion ($2.5 billion), making it the most economically damaging cyber event in UK history. The CMC classified the event as a "Category 3 systemic event," indicating a severe but not the highest level of national impact. The financial estimate was based on a modeled range of £1.6 billion to £2.1 billion and only considered the UK, suggesting the global impact could be even greater. The disruption to JLR’s operations threatened the viability of businesses in its supply chain, putting thousands of jobs at risk and prompting calls for government intervention. In response, the UK government provided emergency financial support amounting to £1.5 billion to help JLR recover and stabilize its operations, although the CMC noted that the full cost to taxpayers might not materialize if the support is not fully utilized. JLR also launched a financing scheme to provide up-front cash to suppliers facing financial hardship due to the shutdown. The incident highlighted the systemic risk posed by cyberattacks to critical manufacturing sectors and the broader economy, with experts warning that cyber resilience is now a matter of national security. The event underscored the interconnectedness of modern supply chains and the cascading effects a single cyber incident can have across multiple industries. The CMC’s analysis emphasized the need for organizations to strengthen their cyber defenses to prevent similar large-scale disruptions in the future. The government’s intervention in this case could set a precedent for future responses to major cyber incidents affecting national infrastructure. The attack’s impact on JLR, which accounts for roughly 4% of all British goods exports, demonstrates the potential for cyber threats to undermine key economic sectors. The event has sparked debate about the adequacy of current cyber insurance and risk management practices in the face of systemic cyber threats. Industry leaders and policymakers are now reassessing strategies to bolster cyber resilience and protect critical supply chains from future attacks. The JLR cyberattack serves as a stark warning of the far-reaching consequences of cyber incidents on both organizational and national levels.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
5 events from the most recent confirmed update back to the earliest known activity.
Cyber Monitoring Centre estimates £1.6B–£2.1B in UK losses
On or before 2025-10-22, the non-profit Cyber Monitoring Centre published an assessment estimating the attack caused £1.6 billion to £2.1 billion in losses to the UK economy, about £1.9 billion at midpoint. It said more than 5,000 British firms were affected across JLR manufacturing, suppliers, and dealerships, making it the costliest cyber incident in UK history.
JLR operations resume after weeks of disruption
Jaguar Land Rover's affected operations resumed earlier in October after the September attack forced shutdowns across multiple countries. The recovery ended a period of manufacturing and supply-chain disruption.
Scattered Lapsus$ Hunters claims responsibility for JLR attack
A group calling itself 'Scattered Lapsus$ Hunters,' described as mainly Western adolescent hackers, claimed responsibility for the Jaguar Land Rover intrusion. The claim emerged as reporting on the operational disruption became public.
Jaguar Land Rover detects cyberattack and halts assembly lines
On 2025-09-01, Jaguar Land Rover detected a cyberattack and shut down assembly lines in the UK, Slovakia, Brazil, and India. The disruption affected manufacturing at the start of the fall car-selling season.
Jaguar suspends production to retool for luxury EVs
Jaguar had already suspended production in 2024 as part of a retooling effort toward luxury electric vehicles. This predated the cyber incident and meant the attack's direct manufacturing impact fell more heavily on Land Rover operations.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
5 references tracked. Mallory keeps watching after this page renders.
Cyberattack on Jaguar Land Rover inflicts $2.5B loss on UK economy
securityaffairs.com
Open sourceJaguar Land Rover cyber-meltdown tipped to cost the UK almost £2B
go.theregister.com
Open sourceJaguar Land Rover cyberattack cost $2.5 billion, says monitoring group
therecord.media
Open sourceJaguar Land Rover Hack the Costliest Ever in the UK
bankinfosecurity.com
Open sourceJaguar Land Rover Hack the Costliest Ever in the UK
govinfosecurity.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Jaguar Land Rover Factory Shutdown Following Major Cyberattack
Jaguar Land Rover (JLR) suffered a significant cyberattack in late August 2025 that forced the shutdown of several major manufacturing plants across the UK, including Solihull and Halewood. The attack began as what appeared to be a minor IT issue but quickly escalated, with hackers damaging critical servers responsible for production schedules and supplier payments. As a result, production lines halted, screens froze, and workers were left idle on the factory floor, leading to a complete stop in vehicle manufacturing for several weeks. The impact of the cyberattack extended far beyond JLR itself, severely disrupting its extensive supply chain and prompting rare financial intervention from the UK government. The Bank of England cited the JLR incident as a key factor in the country's slower-than-expected GDP growth for Q3 2025, marking the first time a cyberattack has caused material economic harm at a national level. The Cyber Monitoring Centre classified the event as a Category 3 systemic incident, with estimated losses to the local economy reaching up to £2.1 billion, and direct harm to JLR alone exceeding £2 billion in lost revenues.
Mar 21, 2026
Jaguar Land Rover Manufacturing Disruption and Recovery Following Major Cyberattack
Jaguar Land Rover (JLR), one of the United Kingdom's most significant automotive manufacturers, experienced a severe operational disruption after a major cyberattack forced the company to shut down its systems on September 1, 2025. The attack led to the suspension of manufacturing activities at JLR's main production plants in the UK, as well as assembly lines in Slovakia, Brazil, and India. For over a month, the company was unable to produce vehicles or book sales, resulting in substantial financial losses estimated at £5-10 million ($6-13 million) per day. The cumulative impact of the downtime could reach £2.2 billion ($2.9 billion) in lost revenue and £150 million ($202 million) in lost profit. The Wolverhampton engine factory is the first site scheduled to resume operations, with Solihull and Halewood plants expected to follow in a phased approach. The restart process is anticipated to take several weeks before all facilities return to normal production levels. The disruption also had a cascading effect on JLR's extensive supply chain, with reports of job losses and financial strain among suppliers. In response to the crisis, the UK government provided a £1.5 billion ($2 billion) loan guarantee to help stabilize the company and protect jobs across the supply chain. However, industry groups such as the Confederation of British Metalforming have raised concerns that the financial aid has not yet reached suppliers beyond JLR's first-tier contractors, potentially leaving smaller businesses vulnerable. The Unite workers' union and other stakeholders welcomed the government intervention but cautioned that the support may not be sufficient for a full recovery, especially for smaller suppliers. The cyberattack is considered one of the most severe crises in JLR's history, surpassing previous challenges such as the global financial crisis, the COVID-19 pandemic, and the semiconductor shortage. The company and its workforce are now focused on restoring operations and mitigating the long-term economic impact of the incident. The phased resumption of manufacturing is expected to gradually restore activity throughout JLR's network, but the full financial and operational recovery may take considerable time. The incident underscores the vulnerability of critical manufacturing infrastructure to cyber threats and the far-reaching consequences such attacks can have on national economies and employment. JLR's experience highlights the importance of robust cybersecurity measures and contingency planning for large-scale industrial organizations. The company's recovery efforts are being closely monitored by industry observers, government officials, and the broader business community. The event has prompted renewed discussions about supply chain resilience and the need for coordinated responses to cyber incidents affecting critical sectors.
Mar 21, 2026
Jaguar Land Rover Operational Disruption Following Major Cyberattack
Jaguar Land Rover (JLR), the luxury automotive manufacturer and subsidiary of Tata Motors, experienced a significant operational outage due to a major cyberattack that forced the company to shut down its manufacturing systems. The incident led to a month-long disruption, with JLR initiating a controlled, phased restart of its manufacturing operations only after extensive downtime. Initially, the company stated that customer data did not appear to be compromised, but this position was revised a week later, indicating evolving understanding of the breach’s impact. Financially, the attack was devastating, with estimated losses ranging from $50 million to $70 million per week, and the total cost projected between $1.7 billion and $2.4 billion. The attack not only halted production but also highlighted the vulnerability of even large, resource-rich corporations to operationally crippling cyber incidents. Industry experts noted that this event went far beyond typical data theft, resulting in a complete operational outage that severely impacted JLR’s supply chain and business continuity. The British government responded by guaranteeing a £1.5 billion (approximately $2 billion) commercial bank loan to JLR, providing financial support as the company and its suppliers worked to recover from the disruption. This government-backed loan is structured so that JLR is responsible for repayment, but the lender is protected by the government guarantee in case of default. The incident has been cited as a case study in the high costs and business risks associated with ransomware and other forms of cyberattacks targeting critical manufacturing operations. Experts warn that automakers are increasingly attractive targets for ransomware gangs, as operational outages can pressure companies into paying ransoms quickly. Historical context shows that other major automakers, such as Honda, have also suffered significant outages due to cyberattacks, underscoring the sector’s susceptibility. The JLR attack has prompted renewed calls for robust incident response planning, improved cyber resilience, and greater investment in cybersecurity for operational technology environments. The event also demonstrates the potential for cyber incidents to have cascading effects across national economies, prompting government intervention to stabilize affected industries. As JLR resumes operations, the long-term impact on its reputation, supply chain relationships, and financial health remains under close scrutiny by industry observers and stakeholders.
Mar 21, 2026