Jaguar Land Rover Production Disruption and Financial Losses from Cyberattack
Jaguar Land Rover (JLR), owned by Tata Motors, suffered a significant cyberattack that forced the shutdown of major production plants in the UK, resulting in exceptional costs of approximately £196 million ($220–258 million) for the quarter ending September 30. The attack, claimed by the Scattered Lapsus$ Hunters group, led to the theft of company data, halted manufacturing operations, and caused severe liquidity issues for both JLR and some of its suppliers. The disruption persisted for weeks, with the UK government stepping in to provide a £1.5 billion loan guarantee to stabilize the supply chain and facilitate a phased restart of production by early October.
The financial impact of the incident was substantial, with JLR's quarterly revenue dropping from £6.5 billion to £4.9 billion year-over-year, and profitability turning negative. The company reported a loss before tax and exceptional items of £485 million for Q2, compared to a profit of £398 million the previous year. The Bank of England cited the JLR cyberattack as a key factor in the country's weaker-than-expected GDP for Q3 2025. Despite the disruption, JLR has since restored its operations, including wholesale, parts logistics, and supplier financing, and has maintained its investment spending levels.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
2 events from the most recent confirmed update back to the earliest known activity.
Further reporting quantifies losses at JLR and Tata Motors
Subsequent coverage said the attack left Jaguar Land Rover short by roughly £680 million and estimated direct losses around $220 million to $260 million, while also contributing to a much larger market impact for Tata Motors. These reports appear to be follow-on quantifications of the same disclosed incident rather than separate events.
Jaguar Land Rover discloses major cyberattack impact
Jaguar Land Rover reported that a cyberattack caused major financial and operational damage, with losses estimated in the hundreds of millions of dollars or pounds. Multiple later reports describe the same incident and its business impact, including effects on parent company Tata Motors.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
4 references tracked. Mallory keeps watching after this page renders.
Jaguar Land Rover hack cost India's Tata Motors around $2.4 billion and counting
go.theregister.com
Open sourceCyberattack leaves Jaguar Land Rover short of £680 million
therecord.media
Open sourceJaguar Land Rover Hack Cost $260 Million
bankinfosecurity.com
Open sourceJaguar Land Rover cyberattack cost the company over $220 million
bleepingcomputer.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Jaguar Land Rover Production and Sales Impact from Major Cyberattack
Jaguar Land Rover suffered a significant cyberattack in September that forced the automaker to halt production for several weeks, resulting in a 43% year-on-year decline in wholesale volumes for the third quarter. The disruption affected global supply chains, with manufacturing only returning to normal levels by mid-November, and led to substantial delays in distributing vehicles to dealers worldwide. The attack's impact was felt across all major markets, with North America experiencing a 64% drop in wholesale volumes, Europe 48%, China 46%, and the UK market seeing a smaller decline of 0.9%. The company also faced additional challenges from US tariffs and the planned discontinuation of legacy Jaguar models. Financially, the cyberattack cost Jaguar Land Rover £196 million ($220 million) in the quarter, and the Bank of England cited the incident as a contributing factor to the UK's weaker-than-expected GDP growth. The attack was later claimed by the Scattered Lapsus$ Hunters, a group linked to Lapsus$, Scattered Spider, and ShinyHunters. In addition to production and sales losses, JLR confirmed that data was stolen during the breach, including payroll information. The full financial impact is expected to be detailed in the company's upcoming quarterly results.
Mar 21, 2026
Jaguar Land Rover Operational Disruption Following Major Cyberattack
Jaguar Land Rover (JLR), the luxury automotive manufacturer and subsidiary of Tata Motors, experienced a significant operational outage due to a major cyberattack that forced the company to shut down its manufacturing systems. The incident led to a month-long disruption, with JLR initiating a controlled, phased restart of its manufacturing operations only after extensive downtime. Initially, the company stated that customer data did not appear to be compromised, but this position was revised a week later, indicating evolving understanding of the breach’s impact. Financially, the attack was devastating, with estimated losses ranging from $50 million to $70 million per week, and the total cost projected between $1.7 billion and $2.4 billion. The attack not only halted production but also highlighted the vulnerability of even large, resource-rich corporations to operationally crippling cyber incidents. Industry experts noted that this event went far beyond typical data theft, resulting in a complete operational outage that severely impacted JLR’s supply chain and business continuity. The British government responded by guaranteeing a £1.5 billion (approximately $2 billion) commercial bank loan to JLR, providing financial support as the company and its suppliers worked to recover from the disruption. This government-backed loan is structured so that JLR is responsible for repayment, but the lender is protected by the government guarantee in case of default. The incident has been cited as a case study in the high costs and business risks associated with ransomware and other forms of cyberattacks targeting critical manufacturing operations. Experts warn that automakers are increasingly attractive targets for ransomware gangs, as operational outages can pressure companies into paying ransoms quickly. Historical context shows that other major automakers, such as Honda, have also suffered significant outages due to cyberattacks, underscoring the sector’s susceptibility. The JLR attack has prompted renewed calls for robust incident response planning, improved cyber resilience, and greater investment in cybersecurity for operational technology environments. The event also demonstrates the potential for cyber incidents to have cascading effects across national economies, prompting government intervention to stabilize affected industries. As JLR resumes operations, the long-term impact on its reputation, supply chain relationships, and financial health remains under close scrutiny by industry observers and stakeholders.
Mar 21, 2026
Jaguar Land Rover Factory Shutdown Following Major Cyberattack
Jaguar Land Rover (JLR) suffered a significant cyberattack in late August 2025 that forced the shutdown of several major manufacturing plants across the UK, including Solihull and Halewood. The attack began as what appeared to be a minor IT issue but quickly escalated, with hackers damaging critical servers responsible for production schedules and supplier payments. As a result, production lines halted, screens froze, and workers were left idle on the factory floor, leading to a complete stop in vehicle manufacturing for several weeks. The impact of the cyberattack extended far beyond JLR itself, severely disrupting its extensive supply chain and prompting rare financial intervention from the UK government. The Bank of England cited the JLR incident as a key factor in the country's slower-than-expected GDP growth for Q3 2025, marking the first time a cyberattack has caused material economic harm at a national level. The Cyber Monitoring Centre classified the event as a Category 3 systemic incident, with estimated losses to the local economy reaching up to £2.1 billion, and direct harm to JLR alone exceeding £2 billion in lost revenues.
Mar 21, 2026