Jaguar Land Rover Still Has Not Resumed Production After Cyberattack

Jaguar Land Rover (JLR) has yet to recover from the ransomware attack it suffered in early September, with production still halted and losses mounting. The company is believed to be losing between £5 million and £10 million per day (approximately 574 million to 1.148 billion rubles). Analysts warn the prolonged outage could become one of the most significant cyber incidents in UK history and may even affect national economic growth figures.

Attack and Immediate Impact

News of the “cyber incident” broke in early September 2025, when JLR confirmed that retail and manufacturing operations had been severely disrupted.

UK dealerships reported they were unable to register new vehicles or supply parts to service centers. JLR attempted to arrange additional supplies, while media outlets reported the company had sought emergency support from the UK government to help stabilize its supplier network.

The attack forced shutdowns at multiple facilities, including the Solihull plant—where the Land Rover Discovery, Range Rover, and Range Rover Sport are assembled—and the Halewood plant, where workers were told not to report for shifts. Production later halted at overseas plants in China, India, and Slovakia as well.

Data Theft Confirmed

Last week, JLR acknowledged that attackers had stolen “some data” during the breach, though it has not specified what information was taken or whether customers were affected.

“Since detecting the cyber incident, we have been working around the clock with third-party cybersecurity specialists to restart our global applications in a controlled and secure manner,” the company said in a statement. “As a result of the ongoing investigation, we have concluded that some data was impacted and are notifying the relevant regulatory authorities accordingly. Our investigation continues, and we will notify all affected individuals should their data be found compromised.”

Responsibility and Ongoing Disruptions

While JLR has not attributed the attack to any group, Bleeping Computer reports that cybercriminals calling themselves Scattered Lapsus$ Hunters—an alliance of members from the Scattered Spider, LAPSUS$, and Shiny Hunters gangs—claimed responsibility on Telegram. They posted screenshots of JLR’s internal SAP system and alleged they had deployed ransomware across company networks.

The disruption has rippled through JLR’s supply chain. According to Sky News, suppliers in the West Midlands, France, and Germany have been forced into temporary layoffs. Around 6,000 jobs have already been affected at companies including Evtec, WHS Plastics, SurTec, and OPmobility.

The Unite union, which represents automotive workers, confirmed it has received reports of layoffs and urged the government to introduce a support package similar to COVID-19 wage subsidies to ease pressure on smaller employers.

Economic and Industry Impact

JLR officially closed its plants on September 2, 2025 (though some reports suggest downtime began August 31). With daily losses of £5–10 million, the company may already have forfeited more than £170 million (19.5 billion rubles).

Given JLR’s 2024 revenue of £29 billion, the company is expected to absorb the financial hit. But smaller suppliers face more serious consequences, with some at risk of bankruptcy if production does not resume soon.

The Telegraph reported suppliers were warned downtime could last until November 2025, followed by an additional three to four weeks for recovery. JLR has publicly denied this timeline.

Experts caution that the incident could ultimately dent the UK’s economic performance. As one of Britain’s largest manufacturers, JLR accounted for about 4% of the country’s goods exports in 2024—meaning extended disruption could weigh on growth figures.