16 September 2025

Jaguar Land Rover Cyber Attack Halts Global Production

A ransomware attack forces JLR to suspend manufacturing, threatening jobs and suppliers as the company and UK government scramble to respond.

Jaguar Land Rover (JLR), the UK’s largest car manufacturer, is facing an unprecedented crisis after a debilitating ransomware attack brought its global operations to a grinding halt. The cyber assault, which struck on September 1, 2025, has left production lines idle, thousands of workers at home, and the company scrambling to assess the full extent of the damage. As of September 16, JLR has confirmed that its factories will not restart until at least September 24, with industry insiders warning that the disruption could stretch into November.

According to statements released by JLR and reported by multiple outlets including BBC, Reuters, and The Independent, the company’s IT infrastructure and manufacturing facilities have been rendered inoperable. The attack has forced the shutdown of all JLR’s global plants, including its main sites in Solihull and Halewood, an engine manufacturing facility in Wolverhampton, and factories in Slovakia, China, and India. The company, owned by Tata Motors, usually produces up to 1,000 cars a day—a figure that underscores the scale of the disruption.

"Today we have informed colleagues, suppliers and partners that we have extended the current pause in our production until Wednesday 24th September 2025. We have taken this decision as our forensic investigation of the cyber incident continues, and as we consider the different stages of the controlled restart of our global operations, which will take time. We are very sorry for the continued disruption this incident is causing and we will continue to update as the investigation progresses," JLR said in a statement on September 16, as reported by Autocar and The Independent.

The financial implications are staggering. Business economics professor David Bailey told Autocar and the PA news agency that the attack could be costing JLR up to £5 million a day, with lost production value estimated at £1.7 billion. He warned, "The value of cars usually made at the sites means that around £1.7 billion worth of vehicles will not have been produced, and I’d estimate that would have an initial impact of around £120 million on profits." If the shutdown continues into November, as some industry sources fear, the number of unbuilt vehicles could reach 50,000.

The cybercriminal group claiming responsibility calls itself “Scattered Lapsus$ Hunters,” a coalition apparently comprising members of the notorious Scattered Spider, Lapsus$, and ShinyHunters gangs. According to IT security media and BBC, the group has previously targeted other major British companies, including Marks & Spencer and Co-op. Screenshots of confidential internal JLR systems have reportedly surfaced online, though the full extent of the data breach remains under investigation.

Initially, JLR seemed confident that the impact was limited, stating, "There is no evidence any customer data has been stolen but our retail and production activities have been severely disrupted." However, by September 10, the company acknowledged that some data had been accessed by the attackers and that relevant regulators were being informed. JLR has committed to contacting any individuals whose data was affected.

The human cost of the shutdown is equally severe. Up to 33,000 workers at JLR’s UK plants have been asked not to report to work while the investigation continues, according to BirminghamLive and BBC. While JLR has assured that no jobs are currently at risk for its direct employees, the situation is far more precarious for the thousands employed by companies in its vast supply chain. Many of these suppliers are small or medium-sized businesses with limited financial reserves. Some have told the BBC they simply cannot survive an extended shutdown, and former Aston Martin CEO Andy Palmer warned, "I would not be at all surprised to see bankruptcies." Palmer added, "You hold back in the first week or so of a shutdown; you bear those losses. But then you go into the second week, more information becomes available – then you cut hard. So layoffs are either already happening or are being planned."

Jason Richards, West Midlands regional officer at Unite the union, voiced concern for workers’ livelihoods: "We're already seeing employers having discussions on potential redundancies. People have to pay rent, they have to pay mortgages and if they're not getting any pay, what are they supposed to do?" Unite has called for a government-backed furlough scheme to help pay the salaries of those unable to work due to the stoppage—a measure reminiscent of the support provided during the Covid-19 pandemic. The Commons Business and Trade Committee has also pressed the Chancellor for plans to support vulnerable businesses in the supply chain.

JLR’s leadership is actively seeking government support. Executives were scheduled to meet with ministers on September 16 to discuss a potential furlough scheme for plant workers and financial aid for suppliers. According to The Independent, these talks also involve the Department for Business and Trade, as the risk of lasting damage to the UK’s engineering base becomes more apparent.

Despite the mounting challenges, some industry figures have rallied behind JLR, emphasizing that the company is a victim of crime rather than culpable for the crisis. David Roberts, chair of Evtec Group, told the BBC, "We should not forget who is to blame here. All of this is the fault of criminals. JLR is the victim here. We should remember who started this - and it wasn't JLR."

The severity of the attack and its implications have not gone unnoticed in the political arena. Last week, the UK House of Commons debated the incident, with parliamentarians discussing the government’s response and raising questions about possible state sponsorship, though officials have cautioned that it is too early to confirm such speculation.

As JLR works around the clock with cybersecurity specialists to restore its systems, the company has introduced some workarounds to maintain limited activity. However, the process of restarting production is far from straightforward. Even if the company meets its new target date of September 24, industry experts warn that returning to pre-attack output levels could take several weeks, prolonging the pain for workers, suppliers, and dealerships alike.

For now, the automotive giant remains locked in a battle not just to recover its operations, but to safeguard its workforce, supply chain, and reputation. The coming weeks will reveal whether JLR and its partners can weather the storm—or if the aftershocks of this cyber attack will reshape the UK’s automotive landscape for years to come.