Jaguar Land Rover Suffers Cyberattack, Extends Production Halts
Auto manufacturer Jaguar Land Rover extends factory closures after sustaining cyber attack
Jaguar Land Rover (JLR) has been hit by a cyberattack, forcing the carmaker to take global systems offline on September 2. The attack has disrupted the distribution of new vehicles and affected operations in the UK, Slovakia, China, and India.
The attack, which occurred during the September vehicle registration period, has caused significant production disruptions and is estimated to cost JLR around $1 billion in revenue. The production halt has been extended until September 24 to allow for a forensic investigation and controlled restart of global operations.
A group called Scattered Spider, linked with Lapsus$ and ShinyHunters, has claimed responsibility for the cyberattack. This hacker group has been responsible for other high-profile attacks on retailers this year, including Marks & Spencer and Co-op. Techzine reported that the group published screenshots of an internal SAP system at JLR and claimed to have deployed ransomware on compromised servers.
JLR has been working to promote greater cross-functional collaboration between supply chain, procurement, and manufacturing within the company. In response to the cyberattack, the company is ensuring teams are fully aligned in the shared use of good quality data, including an end-to-end view of the bill of materials (BOM) from engineering through to logistics and aftermarket.
The attack on JLR is not an isolated incident. According to IBM X Force's 2025 Threat Index Report, manufacturing was identified as the number one industry targeted by cyberattacks in 2025. The report states that manufacturing had the highest number of ransomware cases in 2024, with attackers continuing to exploit outdated legacy technology in this industry.
The authors of the report warn that data breaches are often only the start of larger and more coordinated campaigns, and that cyber criminals are adopting generative AI as a new tool to attack companies with. JLR is focusing on upgrading its digital systems to make them more resilient following the cyberattack.
Simon Inskip, director of supply chain digital and innovation at JLR, identified compliance, climate, and the switch to electric vehicles as areas fraught with risk from potential threats last year. In response to these risks, JLR has processes around data-fed risk detection, which Inskip described as a sensing platform.
The shutdown is having a damaging impact on JLR's suppliers, who cannot dispatch parts or receive schedules, causing operations to halt across the supply chain. JLR is discussing digital tools to enhance visibility and resiliency in the supply chain at the Automotive Logistics and Supply Chain Digital Strategies Europe conference on November 26-27.
Despite the cyberattack, JLR reported a halving of profit in the second quarter of the year, in part because of the impact of US tariffs. The carmaker has been working to promote greater cross-functional collaboration between supply chain, procurement, and manufacturing within the company, and is focusing on upgrading its digital systems to make them more resilient following the cyberattack. JLR has stated that there was no evidence of customer data being compromised, but operations have been affected and systems are being restored 'in a controlled manner'.
Read also:
- User Data Analysis on Epic Games Store
- Rachel Reeves conducts a discussion with Scott Bessent and financial executives, focusing on investment matters
- Hyundai accelerates production plans: Introducing 7 new N models, aiming for a sales figure of 100,000 units by 2030.
- Yasa, an electric car engine producer, plans to broaden its operations.
