Jaguar Land Rover has announced a further extension to its production shutdown following a devastating cyber attack that has paralysed the British automotive giant for nearly a month, with operations now unlikely to resume before Wednesday, 1 October 2025.
The iconic British manufacturer, which produces Range Rover, Defender and Discovery models, suffered the cyber assault on 1 September that forced an immediate halt to vehicle production across its global facilities in the UK, Slovakia, China and India. The company confirmed Monday it would extend the current pause for another week beyond the previously announced 24 September restart date.
The shutdown could be costing JLR as much as $6.8 million (£5.2 million) per day, with the company’s three UK plants normally producing about 1,000 vehicles daily. Industry experts now warn total losses could exceed £300 million if production remains halted into October, with some predicting the disruption could extend until November.
“We have made this decision to give clarity for the coming week as we build the timeline for the phased restart of our operations and continue our investigation,” JLR said in a statement to colleagues, suppliers and partners. “We fully recognise this is a difficult time for all connected with JLR and we thank everyone for their continued support and patience.”
The manufacturer confirmed it was working “around the clock” alongside cybersecurity specialists, the National Cyber Security Centre and law enforcement to ensure operations restart in a “safe and secure manner.” The cyberattack forced the company to disconnect some systems, which led to factories in the UK, China, Slovakia and India getting shut down and workers being instructed to stay at home.
The English-speaking cybercrime group believed to be responsible for the cyber-attacks on UK retailers Marks & Spencer, The Co-op and Harrods earlier this year has claimed responsibility for the attack. The group, calling themselves “Scattered Lapsus$ Hunters,” represents an apparent collaboration between notorious hacking collectives Scattered Spider, ShinyHunters and Lapsus$.
According to Sophos researchers, a group claiming ties to Scattered Spider, Lapsus$, and ShinyHunters has taken credit for the attack. The hackers allegedly shared screenshots reportedly taken from inside JLR’s IT networks on Telegram, including internal instructions for troubleshooting car charging issues and internal computer logs.
JLR has now confirmed that “some data” may have been affected in the breach, with relevant regulators being informed. The company stated that anyone whose data had been impacted would be contacted as soon as possible. The incident is also affecting the company’s supply chains, including vehicle repairs.
The timing of the attack has proved particularly devastating, occurring just as the automotive industry traditionally sees sales surge with the introduction of new September number plates. The shutdown affects JLR’s manufacturing facilities at Halewood, Solihull and Wolverhampton, which have been paused for nearly four weeks.
Professor David Bailey of Birmingham Business School warned: “By then the hit to revenue will be about £1.7bn, and to profits potentially £120m. There’s talk that this might actually go on to November, in which case we’re looking at something like 50,000 cars not being produced.”
The crisis has triggered urgent government intervention. Chris McDonald, minister in the Department of Business and Trade, told Reuters he had met the company on Tuesday to “discuss their plans to resolve this issue and get production started again.” The Society of Motor Manufacturers and Traders (SMMT) convened the Automotive Components Section last week to allow suppliers to provide feedback to the government.
The supply chain impact has proved catastrophic for smaller firms. Autins Group, a JLR supplier, saw its share price plummet by 55% after acknowledging that JLR stopping all production was having a material effect on its own operations. Many suppliers have little financial buffer, with several warning that extended disruption could push them towards bankruptcy.
Unite union general secretary Sharon Graham called for immediate government action, stating: “Workers in the JLR supply chain must not be made to pay the price for the cyber attack.” The union has demanded a furlough scheme similar to that implemented during the Covid-19 pandemic to support affected workers.
Jason Richards of Unite said: “We’re already seeing employers having discussions on potential redundancies. People have to pay rent, they have to pay mortgages and if they’re not getting any pay, what are they supposed to do?”
The attack mirrors the devastating cyber assault on Marks & Spencer earlier this year, which the same hacking group claimed responsibility for. M&S was forced to move a number of processes offline, shut down online sales, and experienced seven weeks of disruption costing £300 million in lost operating profit.
Scattered Spider, a financially motivated group known for voice-phishing help desks and SIM-swapping, has been active since 2022 and targeted telecom, retail, insurance, and aviation companies, disrupting US casinos as well as UK retailers. The group’s members are believed to be primarily 19- to 22-year-old native English speakers.
ShinyHunters have been tied to a surge in Salesforce-related attacks, including breaches at Google and Workday, whilst Lapsus$ used extensive social engineering and public extortion to attract media attention in 2021-2022 for their hacks of Okta, NVIDIA, Microsoft, and other companies.
While Jaguar Land Rover has invested heavily in IT transformation, including an £800 million cybersecurity and IT support contract with Tata Consultancy Services, the cybersecurity incident illustrates how even robust investments can falter against determined attackers.
Lucas Kello, director of the University of Oxford’s Academic Centre of Excellence in Cyber Security Research, told Recorded Future News: “This is more than a company outage; it’s an economic security incident.
The attack has raised serious questions about Britain’s cyber resilience. The incident triggered an urgent debate in the House of Commons, with MPs drawing comparisons to recent cyber incidents at the NHS and the British Library. Opposition MPs warned that the attack on a flagship manufacturer revealed systemic vulnerabilities in both government preparedness and industry adoption of resilience tools.
JLR, owned by India’s Tata Motors, is one of Britain’s most significant industrial producers, accounting for roughly 4% of goods exports last year and employing more than 33,000 staff in the UK. The company’s North American sales were up 23% last year, with the US recently replacing China as its largest single market.
Former Aston Martin CEO Andy Palmer warned the BBC: “I would not be at all surprised to see bankruptcies. You hold back in the first week or so of a shutdown; you bear those losses. But then you go into the second week, more information becomes available, then you cut hard. So layoffs are either already happening or are being planned.”
JLR emphasised that its retail partners remain open despite the production pause, though the extended shutdown will inevitably impact vehicle availability in showrooms. The company described the convening of government support as an “important move” complementing its wider response efforts.
A JLR spokesperson said: “This action complements JLR’s wider response, including our focus on our global supply chain, our retail partners, our clients and our people as we continue to work around the clock to restart our global applications in a controlled and safe manner.”
The incident serves as a stark warning about the vulnerability of modern manufacturing to cyber threats, with highly integrated production networks creating cascading failures across entire industries when a single point is compromised.
Follow for more updates on Britannia Daily
Image Credit:
Jaguar and Land Rover showroom – Marshalls Dealership — photo by Andy-Hay, licensed CC BY-SA 2.0.
