Jaguar Land Rover Factory Shutdown Following Major Cyberattack
Jaguar Land Rover (JLR) suffered a significant cyberattack in late August 2025 that forced the shutdown of several major manufacturing plants across the UK, including Solihull and Halewood. The attack began as what appeared to be a minor IT issue but quickly escalated, with hackers damaging critical servers responsible for production schedules and supplier payments. As a result, production lines halted, screens froze, and workers were left idle on the factory floor, leading to a complete stop in vehicle manufacturing for several weeks.
The impact of the cyberattack extended far beyond JLR itself, severely disrupting its extensive supply chain and prompting rare financial intervention from the UK government. The Bank of England cited the JLR incident as a key factor in the country's slower-than-expected GDP growth for Q3 2025, marking the first time a cyberattack has caused material economic harm at a national level. The Cyber Monitoring Centre classified the event as a Category 3 systemic incident, with estimated losses to the local economy reaching up to £2.1 billion, and direct harm to JLR alone exceeding £2 billion in lost revenues.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
3 events from the most recent confirmed update back to the earliest known activity.
Bank of England links JLR cyberattack to weaker UK GDP growth
On 2025-11-07, The Register reported that the Bank of England said Jaguar Land Rover's cyberattack contributed to unexpectedly slower UK GDP growth, indicating the incident had measurable macroeconomic effects beyond the company itself.
Cyberattack halts production at multiple JLR UK factories
In early September 2025, the incident disrupted manufacturing at sites including Solihull and Halewood, with reports of frozen screens, stopped machinery, and halted production lines. The attack also reportedly damaged servers tied to production scheduling and supplier payments, widening the operational impact.
JLR detects a cyber incident affecting internal systems
Around 2025-08-31, Jaguar Land Rover reportedly identified a cyberattack that initially appeared to be a routine IT problem before escalating into a major operational incident.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Jaguar Land Rover Cyberattack Causes Massive Economic Disruption in the UK
Jaguar Land Rover (JLR) suffered a major cyberattack that resulted in the shutdown of its manufacturing operations for over a month, causing significant disruption across its supply chain and dealership network. The incident, which began in late August 2025, affected JLR’s IT systems and halted production at key plants in Solihull, Halewood, and Wolverhampton. More than 5,000 organizations in the UK were impacted, including suppliers and downstream businesses, as orders were canceled or delayed and dealer systems went offline. The Cyber Monitoring Centre (CMC), a nonprofit specializing in cyber incident analysis, estimated the economic impact at £1.9 billion ($2.5 billion), making it the most economically damaging cyber event in UK history. The CMC classified the event as a "Category 3 systemic event," indicating a severe but not the highest level of national impact. The financial estimate was based on a modeled range of £1.6 billion to £2.1 billion and only considered the UK, suggesting the global impact could be even greater. The disruption to JLR’s operations threatened the viability of businesses in its supply chain, putting thousands of jobs at risk and prompting calls for government intervention. In response, the UK government provided emergency financial support amounting to £1.5 billion to help JLR recover and stabilize its operations, although the CMC noted that the full cost to taxpayers might not materialize if the support is not fully utilized. JLR also launched a financing scheme to provide up-front cash to suppliers facing financial hardship due to the shutdown. The incident highlighted the systemic risk posed by cyberattacks to critical manufacturing sectors and the broader economy, with experts warning that cyber resilience is now a matter of national security. The event underscored the interconnectedness of modern supply chains and the cascading effects a single cyber incident can have across multiple industries. The CMC’s analysis emphasized the need for organizations to strengthen their cyber defenses to prevent similar large-scale disruptions in the future. The government’s intervention in this case could set a precedent for future responses to major cyber incidents affecting national infrastructure. The attack’s impact on JLR, which accounts for roughly 4% of all British goods exports, demonstrates the potential for cyber threats to undermine key economic sectors. The event has sparked debate about the adequacy of current cyber insurance and risk management practices in the face of systemic cyber threats. Industry leaders and policymakers are now reassessing strategies to bolster cyber resilience and protect critical supply chains from future attacks. The JLR cyberattack serves as a stark warning of the far-reaching consequences of cyber incidents on both organizational and national levels.
Mar 21, 2026
Jaguar Land Rover Manufacturing Disruption and Recovery Following Major Cyberattack
Jaguar Land Rover (JLR), one of the United Kingdom's most significant automotive manufacturers, experienced a severe operational disruption after a major cyberattack forced the company to shut down its systems on September 1, 2025. The attack led to the suspension of manufacturing activities at JLR's main production plants in the UK, as well as assembly lines in Slovakia, Brazil, and India. For over a month, the company was unable to produce vehicles or book sales, resulting in substantial financial losses estimated at £5-10 million ($6-13 million) per day. The cumulative impact of the downtime could reach £2.2 billion ($2.9 billion) in lost revenue and £150 million ($202 million) in lost profit. The Wolverhampton engine factory is the first site scheduled to resume operations, with Solihull and Halewood plants expected to follow in a phased approach. The restart process is anticipated to take several weeks before all facilities return to normal production levels. The disruption also had a cascading effect on JLR's extensive supply chain, with reports of job losses and financial strain among suppliers. In response to the crisis, the UK government provided a £1.5 billion ($2 billion) loan guarantee to help stabilize the company and protect jobs across the supply chain. However, industry groups such as the Confederation of British Metalforming have raised concerns that the financial aid has not yet reached suppliers beyond JLR's first-tier contractors, potentially leaving smaller businesses vulnerable. The Unite workers' union and other stakeholders welcomed the government intervention but cautioned that the support may not be sufficient for a full recovery, especially for smaller suppliers. The cyberattack is considered one of the most severe crises in JLR's history, surpassing previous challenges such as the global financial crisis, the COVID-19 pandemic, and the semiconductor shortage. The company and its workforce are now focused on restoring operations and mitigating the long-term economic impact of the incident. The phased resumption of manufacturing is expected to gradually restore activity throughout JLR's network, but the full financial and operational recovery may take considerable time. The incident underscores the vulnerability of critical manufacturing infrastructure to cyber threats and the far-reaching consequences such attacks can have on national economies and employment. JLR's experience highlights the importance of robust cybersecurity measures and contingency planning for large-scale industrial organizations. The company's recovery efforts are being closely monitored by industry observers, government officials, and the broader business community. The event has prompted renewed discussions about supply chain resilience and the need for coordinated responses to cyber incidents affecting critical sectors.
Mar 21, 2026
Jaguar Land Rover Production Disruption and Financial Losses from Cyberattack
Jaguar Land Rover (JLR), owned by Tata Motors, suffered a significant cyberattack that forced the shutdown of major production plants in the UK, resulting in exceptional costs of approximately £196 million ($220–258 million) for the quarter ending September 30. The attack, claimed by the Scattered Lapsus$ Hunters group, led to the theft of company data, halted manufacturing operations, and caused severe liquidity issues for both JLR and some of its suppliers. The disruption persisted for weeks, with the UK government stepping in to provide a £1.5 billion loan guarantee to stabilize the supply chain and facilitate a phased restart of production by early October. The financial impact of the incident was substantial, with JLR's quarterly revenue dropping from £6.5 billion to £4.9 billion year-over-year, and profitability turning negative. The company reported a loss before tax and exceptional items of £485 million for Q2, compared to a profit of £398 million the previous year. The Bank of England cited the JLR cyberattack as a key factor in the country's weaker-than-expected GDP for Q3 2025. Despite the disruption, JLR has since restored its operations, including wholesale, parts logistics, and supplier financing, and has maintained its investment spending levels.
Mar 21, 2026