The automaker Jaguar Land Rover (JLR) still hasn’t recovered from the ransomware attack that occurred in early September. The company is losing £5–10 million per day (₽574,000,000–1,148,000,000). This incident is becoming one of the largest cyberattacks in the country’s history and could affect the United Kingdom’s overall economic growth figures.
Jaguar Land Rover is an independent company within India’s Tata Motors.
Tata Motors acquired the Jaguar and Land Rover brands from the American automaker Ford in 2008 for US$2.3 billion, and in 2013 they were fully merged into a single company, Jaguar Land Rover.
JLR employs around 39,000 people, and the company produces more than 400,000 vehicles a year. The total number of jobs supported by JLR is estimated at no fewer than 100,000 worldwide.
The hacker attack on JLR became known in early September 2025, when the company reported that it had been forced to disable a number of systems due to a cyber incident. At the time, the company acknowledged that retail and manufacturing operations were severely disrupted.
JLR dealers in the UK also reported disruptions, having lost the ability to register new vehicles and supply parts to service centers. In response, JLR attempted to arrange additional deliveries. Media also reported that the company sought assistance from the UK government and asked the authorities to provide emergency support to suppliers.
As the media reported at the time, due to the attack JLR had to disable a number of systems, including those used at the company’s manufacturing plant in Solihull (the Land Rover Discovery, Range Rover, and Range Rover Sport are assembled there). Employees at the Halewood plant were also sent an email asking them not to come to work.
As it later emerged, overseas plants in China, India, and Slovakia also halted operations.
Furthermore, last week Jaguar Land Rover representatives confirmed that during the attack the hackers managed to steal “some data.” JLR did not specify what kind of data it was, or whether the leak might have affected the company’s customers.
“Since discovering the cyber incident, we have been working around the clock with external cybersecurity specialists to bring our global applications back online in a controlled and secure manner.
Based on our ongoing investigation, we have concluded that some data has been affected, and we are already notifying the relevant regulatory authorities. Our investigation is ongoing, and we will notify all affected individuals if it is determined that their data has been compromised,” the official statement read.
Yesterday, September 16, 2025, the company announced that it is once again extending the “pause” and postponing the restart of production until Wednesday, September 24, 2025. JLR explains this decision by citing the ongoing investigation and the gradual “controlled restoration of operations,” which takes time.
In its public statements, the company does not attribute this attack to any specific group.
As Bleeping Computer notes, cybercriminals from Scattered Lapsus$ Hunters (a coalition of members of the hacking groups Scattered Spider, LAPSUS$, and Shiny Hunters) claimed on their Telegram channel that they were behind the attack on JLR. The attackers published screenshots of the automaker’s internal SAP system and claim to have deployed ransomware on the compromised systems.
The prolonged downtime at JLR has already caused problems at other companies in the automaker’s supply chain. According to Sky News, JLR suppliers in the West Midlands, France, and Germany have been forced to implement temporary layoffs. The attack has currently affected around 6,000 jobs at Evtec, WHS Plastics, SurTec, and OPmobility.
The Unite union, which represents automotive industry workers, said it is already receiving reports of layoffs linked to the JLR hack across the company’s supply chain. Unite has called for the creation of a support package (as during the COVID-19 pandemic) for those whose jobs are at risk due to the cyber incident. It is suggested that the government could partially subsidize the wages of affected workers, easing the burden on their employers.
According to economists’ estimates, JLR’s daily losses amount to between 5 and 10 million pounds sterling (from 574,000,000 to 1,148,000,000 rubles). Officially, the company shut down its facilities on September 2, 2025 (although the media reported that the downtime began as early as August 31), which means that by now the company’s potential losses may already exceed £170 million (19.5 billion rubles).
Since Jaguar Land Rover’s annual revenue in 2024 amounted to £29 billion, JLR is expected to be able to absorb the financial losses; however, for smaller companies in the supply chain the consequences could be far more serious, and some of them may even go bankrupt.
According to The Telegraph, the automaker’s suppliers have been warned that the shutdown could last until November 2025, and that after the incident is contained it may take an additional three to four weeks. However, JLR representatives deny this.
According to experts, the disruption caused by the cyberattack on Jaguar Land Rover could ultimately harm the UK’s overall economic growth, as JLR is one of the country’s largest manufacturers and accounted for about 4% of all goods exports last year.