A cyberattack discovered on 31 Aug forced Jaguar Land Rover to halt production across its UK, Slovakian, Brazilian and Indian factories. The shutdown, extended until 1 Oct, has exposed supply‑chain vulnerabilities, left 33 000 workers idle and prompted government support for suppliers.
A stealth attack paralyses global production lines
On 31 August 2025 Jaguar Land Rover (JLR) detected a major cyber intrusion that forced it to shut down its IT systems and halt production at factories in the UK, Slovakia, Brazil and India. The company builds roughly 1 000 cars per day and generated about 300 000 vehicles in 2024, so every day offline means tens of millions of dollars in lost output. Analysts estimate JLR is burning through about 50 million pounds per week while its lines sit idle. By 23 September the shutdown had already lasted three weeks and the firm confirmed that factories would remain dark until at least 1 October.
Investigations reveal stolen data and supply‑chain chaos
Initially JLR told customers and regulators that no data had been compromised, but a few weeks later it admitted that attackers had stolen information after all. The hackers, believed to be linked to the Scattered Spider group, breached networks and disrupted everything from manufacturing control systems to dealer portals. The shutdown rippled through JLR’s global supply chain, leaving 33 000 employees at home and causing smaller suppliers to struggle with cash‑flow shortages. With dealerships unable to register new cars during the key September plate‑change period, the disruption hit sales and forced some dealers to use manual paperwork.
Government and unions race to limit damage
The crisis quickly drew the attention of government ministers, who planned to visit JLR factories and local suppliers to discuss emergency support. Unions such as Unite called for a temporary furlough scheme so that workers would not lose wages while waiting for production to restart. Reports suggest that JLR had been negotiating a cyber‑insurance policy but had not finalised the deal before the attack, leaving it potentially uninsured. The attack has underscored the vulnerability of even large manufacturers and the critical importance of securing operational technology as well as IT systems.
Lessons for cybersecurity in the automotive industry
Experts say the JLR breach highlights the need for a “zero trust” approach to cybersecurity in manufacturing. Instead of assuming that internal networks are safe, organisations must verify every user and device, segment systems and require multi‑factor authentication at every layer. Automakers also need to scrutinise the security of their suppliers, since attackers often pivot through third parties to reach prime targets. Building resilience means investing in detection and response capabilities, maintaining offline backups of critical systems and practising incident‑response drills. As cyber threats proliferate, the JLR incident is a reminder that business continuity now depends as much on digital hygiene as on mechanical engineering.
