Jaguar Land Rover Production and Sales Impact from Major Cyberattack
Jaguar Land Rover suffered a significant cyberattack in September that forced the automaker to halt production for several weeks, resulting in a 43% year-on-year decline in wholesale volumes for the third quarter. The disruption affected global supply chains, with manufacturing only returning to normal levels by mid-November, and led to substantial delays in distributing vehicles to dealers worldwide. The attack's impact was felt across all major markets, with North America experiencing a 64% drop in wholesale volumes, Europe 48%, China 46%, and the UK market seeing a smaller decline of 0.9%. The company also faced additional challenges from US tariffs and the planned discontinuation of legacy Jaguar models.
Financially, the cyberattack cost Jaguar Land Rover £196 million ($220 million) in the quarter, and the Bank of England cited the incident as a contributing factor to the UK's weaker-than-expected GDP growth. The attack was later claimed by the Scattered Lapsus$ Hunters, a group linked to Lapsus$, Scattered Spider, and ShinyHunters. In addition to production and sales losses, JLR confirmed that data was stolen during the breach, including payroll information. The full financial impact is expected to be detailed in the company's upcoming quarterly results.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
5 events from the most recent confirmed update back to the earliest known activity.
JLR discloses £196 million quarterly hit from cyberattack
In early January 2026, Jaguar Land Rover disclosed that the cyberattack cost it £196 million in the quarter and materially reduced wholesale volumes. Reporting also noted broader estimated economic damage, with the Cyber Monitoring Centre warning losses to the U.K. economy could reach £2.1 billion.
UK government approves £1.5 billion loan guarantee for JLR
Following the attack's operational and financial fallout, the U.K. government approved a £1.5 billion loan guarantee to help Jaguar Land Rover restore operations and stabilize its supply chain. The incident was also cited as a factor in weaker U.K. GDP performance in Q3 2025.
JLR's Q3 operations and sales fall sharply after the attack
During Q3 of JLR's fiscal 2026, the cyberattack caused weeks of production disruption, supply-chain delays, and major sales declines. JLR later reported wholesale volumes down about 43% year over year and retail sales down about 25%, with North America hit hardest.
Production returns to normal by mid-November
JLR's production recovered to normal levels by mid-November 2025 after extended disruption from the September attack. Some suppliers reportedly faced severe liquidity pressure during the recovery period.
Cyberattack hits Jaguar Land Rover and halts production
On 2025-09-02, Jaguar Land Rover suffered a major cyberattack that forced it to stop manufacturing, send staff home, disrupted distribution, and led to data theft. The Scattered Lapsus$ Hunters cybercrime collective later claimed responsibility.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Jaguar Land Rover Production Disruption and Financial Losses from Cyberattack
Jaguar Land Rover (JLR), owned by Tata Motors, suffered a significant cyberattack that forced the shutdown of major production plants in the UK, resulting in exceptional costs of approximately £196 million ($220–258 million) for the quarter ending September 30. The attack, claimed by the Scattered Lapsus$ Hunters group, led to the theft of company data, halted manufacturing operations, and caused severe liquidity issues for both JLR and some of its suppliers. The disruption persisted for weeks, with the UK government stepping in to provide a £1.5 billion loan guarantee to stabilize the supply chain and facilitate a phased restart of production by early October. The financial impact of the incident was substantial, with JLR's quarterly revenue dropping from £6.5 billion to £4.9 billion year-over-year, and profitability turning negative. The company reported a loss before tax and exceptional items of £485 million for Q2, compared to a profit of £398 million the previous year. The Bank of England cited the JLR cyberattack as a key factor in the country's weaker-than-expected GDP for Q3 2025. Despite the disruption, JLR has since restored its operations, including wholesale, parts logistics, and supplier financing, and has maintained its investment spending levels.
Mar 21, 2026
Jaguar Land Rover Factory Shutdown Following Major Cyberattack
Jaguar Land Rover (JLR) suffered a significant cyberattack in late August 2025 that forced the shutdown of several major manufacturing plants across the UK, including Solihull and Halewood. The attack began as what appeared to be a minor IT issue but quickly escalated, with hackers damaging critical servers responsible for production schedules and supplier payments. As a result, production lines halted, screens froze, and workers were left idle on the factory floor, leading to a complete stop in vehicle manufacturing for several weeks. The impact of the cyberattack extended far beyond JLR itself, severely disrupting its extensive supply chain and prompting rare financial intervention from the UK government. The Bank of England cited the JLR incident as a key factor in the country's slower-than-expected GDP growth for Q3 2025, marking the first time a cyberattack has caused material economic harm at a national level. The Cyber Monitoring Centre classified the event as a Category 3 systemic incident, with estimated losses to the local economy reaching up to £2.1 billion, and direct harm to JLR alone exceeding £2 billion in lost revenues.
Mar 21, 2026
Jaguar Land Rover Operational Disruption Following Major Cyberattack
Jaguar Land Rover (JLR), the luxury automotive manufacturer and subsidiary of Tata Motors, experienced a significant operational outage due to a major cyberattack that forced the company to shut down its manufacturing systems. The incident led to a month-long disruption, with JLR initiating a controlled, phased restart of its manufacturing operations only after extensive downtime. Initially, the company stated that customer data did not appear to be compromised, but this position was revised a week later, indicating evolving understanding of the breach’s impact. Financially, the attack was devastating, with estimated losses ranging from $50 million to $70 million per week, and the total cost projected between $1.7 billion and $2.4 billion. The attack not only halted production but also highlighted the vulnerability of even large, resource-rich corporations to operationally crippling cyber incidents. Industry experts noted that this event went far beyond typical data theft, resulting in a complete operational outage that severely impacted JLR’s supply chain and business continuity. The British government responded by guaranteeing a £1.5 billion (approximately $2 billion) commercial bank loan to JLR, providing financial support as the company and its suppliers worked to recover from the disruption. This government-backed loan is structured so that JLR is responsible for repayment, but the lender is protected by the government guarantee in case of default. The incident has been cited as a case study in the high costs and business risks associated with ransomware and other forms of cyberattacks targeting critical manufacturing operations. Experts warn that automakers are increasingly attractive targets for ransomware gangs, as operational outages can pressure companies into paying ransoms quickly. Historical context shows that other major automakers, such as Honda, have also suffered significant outages due to cyberattacks, underscoring the sector’s susceptibility. The JLR attack has prompted renewed calls for robust incident response planning, improved cyber resilience, and greater investment in cybersecurity for operational technology environments. The event also demonstrates the potential for cyber incidents to have cascading effects across national economies, prompting government intervention to stabilize affected industries. As JLR resumes operations, the long-term impact on its reputation, supply chain relationships, and financial health remains under close scrutiny by industry observers and stakeholders.
Mar 21, 2026