Cyberattack blocks Jaguar Land Rover operations: production halted
Due to a hacker cyberattack on Jaguar Land Rover (JLR), the company's production will not resume until at least September 24.
As Autocar reports, no new Land Rover vehicles have been produced since the cyberattack on September 1, 2025, and these issues are affecting JLR worldwide.
The Jaguar and Land Rover maker is still recovering its computer systems after a hacker attack claimed by the Scattered Lapsus$ Hunters group, which also attacked Marks & Spencer earlier this year.
The hack has halted production at all JLR plants worldwide, disrupted parts ordering and slowed retailers down. According to professor and economist David Bailey, the impact could cost Jaguar Land Rover up to £5m a day.
"Today (16.09) we have informed colleagues, suppliers and partners that we have extended the current pause in our production until 24 September. We have made this decision in connection with the investigation of the cyber incident and the consideration of the various stages of the controlled recovery of our global operations, which takes time. We deeply regret the disruption caused by this incident and will keep you informed as the investigation progresses," said a statement from Jaguar Land Rover.
Most JLR employees are still out of work after the cyberattack, and the company plans to meet with government officials to discuss measures to support workers. It is believed that the company's suppliers may also receive support, as fears grow that some of them could go bankrupt.
Recall that in May 2025, hackers from the Scattered Lapsus$ Hunters group attacked the retailer Marks & Spencer, which led to a seven-week shutdown and a loss of £300 million. According to the HackYourMom portal, the Scattered Lapsus$ Hunters group of young hackers emerged from the merger of Scattered Spider, LAPSUS, and Shiny Hunters.
These hackers emerged after a series of high-profile attacks on British retailers Marks & Spencer, Co-op and Harrods, as well as large-scale campaigns against Salesforce integrations that affected Palo Alto Networks, Cloudflare, Zscaler and other companies. The UK's National Crime Agency has previously detained several teenage suspects, but their activities have not stopped. The group's Telegram channels are regularly closed, but new ones appear quickly.
According to experts, the Jaguar Land Rover case demonstrates that the combination of production sabotage and public blackmail is becoming a new trend among cybercriminals. For companies, this means the need for increased segmentation of internal networks, operational response during weekends and multi-level monitoring of data access. At the same time, regulators must respond more quickly to the growth of "youthful" cartels that combine aggressive communication and real hacks.
As we previously reported, a cyberattack forced Jaguar Land Rover to shut down its systems, causing major disruptions to its manufacturing processes, supply chains and vehicle repairs. Jaguar Land Rover is one of the UK's largest employers, employing over 33,000 people. According to British media, the government is concerned about the potential economic impact, as it could take weeks for the company to recover.
Read also: The first computer virus using AI has appeared
North Korean hackers used ChatGPT for phishing attack