CyberHappenings logo
Home Browse About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

Jaguar Land Rover Production Disrupted by Cyberattack

First reported
Last updated
3 unique sources, 9 articles

Summary

Hide ▲

Jaguar Land Rover (JLR) has confirmed that the September 2025 ransomware attack cost the company £196 million ($258 million) in Q2, covering incident response, forensics, IT overtime, and other recovery expenses. The attack, attributed to the Scattered Lapsus$ Hunters collective, halted production at JLR’s three UK plants for weeks, resulting in a 24% year-on-year revenue drop to £4.9bn ($6.5bn) and total quarterly losses of £485m ($639m). The UK government intervened with a £1.5 billion loan guarantee to stabilize the supply chain, while JLR implemented a new loan-backed financing scheme to support suppliers. CEO Adrian Mardell announced that production of all luxury brands has now resumed, and operations have stabilized, though the broader financial and economic impacts—including a £1.9bn ($2.6bn) hit to the UK economy—remain significant. The cyberattack, which began with a vishing call to JLR’s IT helpdesk, disrupted global manufacturing, dealer systems, and parts logistics, affecting over 5,000 UK organizations. The Cyber Monitoring Centre (CMC) ranked it as a Category 3 systemic event, the most economically damaging cyber incident in UK history. JLR’s Q2 losses also reflect broader challenges, including US tariffs and the planned wind-down of legacy Jaguar models. Despite the crisis, the company has maintained its £18 billion investment plan over five years and restored wholesale, parts logistics, and supplier financing systems.

Timeline

  1. 15.11.2025 17:09 2 articles · 2d ago

    JLR Financial Impact and Operational Stabilization

    JLR’s Q2 financial results confirm the cyberattack cost £196 million ($258 million), contributing to a £485m ($639m) quarterly loss and a 24% revenue decline to £4.9bn ($6.5bn). The Bank of England cited the incident as a key reason for weaker-than-expected Q3 2025 GDP. CEO Adrian Mardell stated that production of all luxury brands has resumed, with operations stabilized and wholesale, parts logistics, and supplier financing fully restored. JLR implemented a new loan-backed financing scheme to ease supplier cashflow, complementing the UK government’s £1.5bn loan guarantee. Despite the crisis, the company maintained its £18bn investment plan over five years, though broader economic impacts—including a £1.9bn ($2.6bn) hit to the UK economy—persist.

    Show sources
    Open in new tab
  2. 22.10.2025 14:46 2 articles · 26d ago

    JLR Cyberattack Ranked as Category 3 Systemic Event

    The Cyber Monitoring Centre (CMC) ranked the JLR cyberattack as a Category 3 systemic event, indicating significant disruption and financial loss. The financial impact could be higher if operational technology was significantly affected or if there are delays in restoring production. The vast majority of the financial impact was due to the loss of manufacturing output at JLR and its suppliers. The incident led to a halt in global manufacturing operations, including major UK plants, and production lines were halted for several weeks. Suppliers faced canceled or delayed orders, and dealer systems were intermittently unavailable. The CMC used six metrics, including business interruption losses, incident response, IT rebuild and recovery costs, and supply chain business interruption costs to evaluate the total cost of the cyber incident.

    Show sources
    Open in new tab
  3. 08.10.2025 13:15 3 articles · 1mo ago

    JLR Reports Significant Sales Drop Due to Cyberattack

    JLR experienced a 25% drop in volume sales in the three months up to September 30 due to the cyber incident. Wholesales in Q2 FY2026 were 66,165 units, a 24.2% reduction compared to the same period in the previous year. Retail sales fell by 17.1% during the same period. The cyber incident contributed to production stoppages since the start of September, and sales are likely to continue to be significantly impacted over the coming months. The suspension of operations has had a severe impact on JLR’s large extended supply chain, resulting in job losses in some of these companies. The company will report its full financial results for Q2 FY26 in November. The financial impact of the cyberattack is expected to have long-term effects on the company's operations and financial stability.

    Show sources
    Open in new tab
  4. 29.09.2025 13:57 4 articles · 1mo ago

    UK Government Provides £1.5 Billion Loan Guarantee to JLR

    The loan guarantee is provided through the UK Export Finance's Export Development Guarantee (EDG) program, which reduces the risk for lenders by covering the majority of a loan in the event of JLR defaulting on repayment. The loan will be repaid over five years and provide cash relief for JLR, enabling the company to pay suppliers and restore its supply chain. The financial impact of the cyberattack underscores the need for robust government support to mitigate economic disruptions.

    Show sources
    Open in new tab
  5. 16.09.2025 16:08 5 articles · 2mo ago

    Scattered Lapsus$ Hunters Claim Responsibility for JLR Cyberattack

    The Scattered Lapsus$ Hunters collective claimed responsibility for the JLR breach, revealing that the attack began with a vishing call to the company’s IT helpdesk requesting a password reset—a tactic previously used in breaches of M&S and the Co-op Group. The group’s members are linked to the Scattered Spider, Lapsus$, and ShinyHunters extortion groups. UK authorities recently arrested two teenagers associated with Scattered Spider, while another member surrendered before being released. The CMC warned of potential long-term impacts, including trade secret theft and economic instability, emphasizing the need for stronger government cybersecurity oversight and proactive audits of nationally critical companies.

    Show sources
    Open in new tab
  6. 02.09.2025 17:23 9 articles · 2mo ago

    Jaguar Land Rover Systems Shut Down Due to Cyberattack

    The cyber-attack on JLR caused a £1.9bn ($2.6bn) financial impact in the UK, affecting over 5,000 organizations and ranking as a Category 3 systemic event. The attack, initiated via a vishing call to JLR’s IT helpdesk by the Scattered Lapsus$ Hunters collective, halted production at three UK plants for weeks, with the vast majority of losses stemming from manufacturing output disruption. JLR’s Q2 cyber-related costs totaled £196 million ($258 million), covering incident response, forensics, IT overtime, and regulatory expenses. The attack led to a £485m ($639m) quarterly loss, a 24% revenue drop to £4.9bn ($6.5bn), and severe supply chain disruptions, including canceled orders and intermittent dealer system outages. The CMC’s evaluation included business interruption, IT recovery, and supply chain costs, while the Bank of England cited the incident as a key factor in weaker-than-expected Q3 2025 GDP.

    Show sources
    Open in new tab

Information Snippets

Similar Happenings

UK Introduces Cyber Security and Resilience Bill to Strengthen National Defenses

The UK government has introduced the Cyber Security and Resilience Bill, aiming to upgrade the 2018 NIS Regulations and bolster national cyber defenses. The bill proposes stricter security requirements for essential services, expanded incident reporting, and enhanced regulatory powers. It also includes new regulations for managed service providers and critical suppliers, with tougher penalties for serious offenses. The legislation follows multiple high-profile breaches and aims to address growing cyber threats, including those from AI and unsupported equipment. The bill aims to address annual damages of nearly £15 billion ($19.6 billion) from cyberattacks, with the average significant cyberattack costing over £190,000, totaling roughly £14.7 billion each year. The Technology Secretary will have the authority to direct regulators and organizations to take actions when national security is threatened.

Open in new tab

UK NCSC Reports Significant Increase in Nationally Significant Cyber Incidents

The UK’s National Cyber Security Centre (NCSC) reported 204 “nationally significant” cyber incidents between September 2024 and August 2025, representing a 130% increase from the previous year. The NCSC received 1727 incident tips, with 429 elevated to incidents requiring support. Recent high-profile attacks on Marks & Spencer, the Co-op Group, and Jaguar Land Rover highlighted the real-world impact of cyber threats. The NCSC emphasized the need for urgent action from business leaders to enhance cybersecurity defenses. The UK government has urged senior executives to better prepare for cyber-attacks, noting that cybersecurity has been a concern for middle management for too long. The NCSC's 2025 Annual Review included a letter from the CEO of the Co-op Group, emphasizing the responsibility of senior leaders in protecting their businesses. The NCSC launched the Cyber Action Toolkit to help small organizations improve their cyber defenses.

Open in new tab

Manufacturing Sector Continues to Face Heightened Ransomware Threats

Manufacturing remains the top target for ransomware attacks, with 22% of all reported incidents between April 2024 and March 2025. The sector's critical role in global supply chains makes it an attractive target for attackers who exploit security gaps and leverage AI to enhance their tactics. Recent high-profile incidents, such as the attack on Jaguar Land Rover, highlight the severe disruption and financial losses caused by these attacks. The manufacturing industry's reliance on legacy systems and the convergence of IT and OT environments create significant security challenges. Experts emphasize the need for robust patch management, network segmentation, and proactive third-party risk management to mitigate these threats.

Open in new tab

Renault and Dacia UK Customers Affected by Third-Party Data Breach

Renault and Dacia UK customers have been notified of a data breach affecting personal information shared with a third-party provider. The breach exposed full names, gender, phone numbers, email addresses, postal addresses, vehicle identification numbers, and vehicle registration numbers. The third-party provider has isolated the incident and removed the threat from its networks. The affected customers are advised to be vigilant against potential phishing and social engineering attacks. The number of impacted customers and the identity of the third-party provider have not been disclosed. The breach follows a significant cyberattack at Jaguar Land Rover in the UK, which disrupted operations for nearly a month, and is part of a string of breaches in the transport sector, impacting JLR, Collins Aerospace, and LNER.

Open in new tab

Asahi Group Holdings Suffers Cyberattack Disrupting Japanese Operations

Asahi Group Holdings, Ltd., Japan's largest brewer, has confirmed a ransomware attack that began on September 29, 2025, and has disrupted operations in Japan. The incident has affected ordering, shipping, customer service activities, and production at some of its 30 domestic factories. The company has confirmed data theft from compromised devices and is working to restore impacted operations. The attack has not affected operations outside of Japan, and no ransomware group has claimed responsibility. Asahi has established an Emergency Response Headquarters and is collaborating with external cybersecurity experts to restore the system. The company has begun partial manual order processing and shipment and aims to gradually resume call center operations. The potential impact on Asahi’s financial results for fiscal year 2025 is under review. Asahi Group Holdings is investigating the source of the disruption and working to restore impacted operations. The company operates four regional branches and holds significant market share in Japan and internationally. The nature of the cyberattack is confirmed as ransomware, which has led to system failures affecting orders, shipments, and call center operations at all subsidiaries in Japan.

Open in new tab