Jaguar Land Rover (JLR), Britain’s largest carmaker and a symbol of the nation’s automotive prowess, has found itself at an unprecedented standstill after a cyber attack in late August 2025 forced the shutdown of all its factories worldwide. As of September 23, the company confirmed that production would remain suspended until at least October 1, extending a growing period of uncertainty for tens of thousands of workers and businesses across the UK and beyond.
The cyber attack, which struck at the end of August, has left JLR’s IT networks crippled, effectively halting both its retail and manufacturing operations. According to JLR’s official statement, “Our focus remains on supporting our customers, suppliers, colleagues, and our retailers who remain open. We fully recognise this is a difficult time for all connected with JLR and we thank everyone for their continued support and patience.”
BBC reports that the shutdown has affected JLR’s major UK facilities in Solihull, Halewood, and Wolverhampton, as well as its overseas plants in Slovakia, Brazil, and India. The company, which produced 300,000 vehicles in 2024 and employs more than 30,000 people, has not produced a single car in over three weeks. The disruption is estimated to be costing JLR at least £50 million per week.
On September 23, 2025, Business Secretary Peter Kyle and Industry Minister Chris McDonald visited the West Midlands for the first time since the attack to meet with JLR executives and firms in its supply chain. The ministers also visited Webasto, a key supplier in Sutton Coldfield, to hear firsthand the challenges faced by businesses dependent on JLR’s operations. “We have two priorities: helping Jaguar Land Rover get back up and running as soon as possible, and the long-term health of the supply chain,” McDonald told the BBC. “We are acutely aware of the difficulties the stoppage is causing for those suppliers and their staff, many of whom are already taking a financial hit through no fault of their own—and we will do everything we can to reassure them that the government is on their side.”
The government’s concerns are well founded. JLR’s UK plants support about 30,000 direct jobs, with an additional 100,000 workers in the supply chain and 60,000 more relying on the spending of these employees. The ripple effects of the shutdown threaten not just the company, but the entire regional economy. Some suppliers, particularly smaller businesses, are teetering on the brink of insolvency. As Professor David Bailey of the University of Birmingham explained to BBC Radio WM, “If bits of the supply chain go under, that’s going to make a restart at JLR much more difficult.”
Steve Whitmarsh, chief executive of Run Your Fleet—a Solihull-based breakdown services and corporate car rental firm—believes that government intervention is “inevitable.” He told BBC Radio WM, “If we lose that supply chain, we’re not going to get it back. The impact on the economy and the taxpayer will be far greater than short-term assistance.”
Amid mounting pressure, the union Unite has called for a furlough scheme for staff of JLR suppliers. Reports have surfaced of workers being laid off with “reduced or zero pay” and being told to apply for Universal Credit. Unite’s general secretary, Sharon Graham, stated, “Workers in the JLR supply chain must not be made to pay the price for the cyber attack. It is the government’s responsibility to protect jobs and industries that are a vital part of the economy. Ministers should take the lead from the Scottish government’s support package for [bus manufacturer] Alexander Dennis staff and implement a similar scheme for workers in the JLR supply chain now.”
MPs from across the West Midlands and Merseyside, where JLR has plants, have urged the government to consider measures similar to those enacted during the COVID-19 lockdown, such as business loans and furlough schemes. Conservative MP Saqib Bhatti warned that “failure” to support the carmaker’s suppliers “could have really significant economic consequences” for the West Midlands. Meanwhile, the Liberal Democrats have called for urgent government intervention, with Helen Morgan, MP for North Shropshire, emphasizing the car industry’s importance to the regional and national economy.
While the company has been working around the clock with cybersecurity specialists, the National Cyber Security Centre (NCSC), and the National Crime Agency to restore its systems, the identity of the perpetrators remains murky. Early claims of responsibility came from a group calling itself Scattered Lapsus$ Hunters, who boasted about the hack on Telegram and shared screenshots allegedly from inside JLR’s IT networks. The group, reportedly composed of hackers from previously known collectives like Shiny Hunters, Lapsus$, and Scattered Spider, has claimed responsibility for other high-profile attacks this year, including one on Marks & Spencer. However, as the Guardian noted, law enforcement sources have “advised caution against taking anything from the [Telegram] channel at face value,” and JLR has declined to discuss details of the breach publicly.
Experts in the cybersecurity field see the JLR incident as a stark illustration of how intertwined digital security and business continuity have become. James McQuiggan, CISO advisor at KnowBe4, told Computer Weekly, “Cyber attacks targeting and disrupting large manufacturers’ production infrastructure demonstrate just how intertwined cybersecurity and business resilience need to be. When core systems are taken offline, the impact cascades through employees, suppliers and customers, showing that business continuity and cyber defence should be indivisible.” He added that beyond the immediate disruption, data theft during such incidents increases long-term risks, from reputational damage to regulatory consequences. McQuiggan recommends that organizations regularly test and update their business continuity and incident response plans, strengthen supply chain risk assessments, and adopt zero-trust principles to limit attacker movement.
The JLR shutdown is the latest in a series of cyber and ransomware attacks that have targeted major European businesses in recent months—including hospitals, charities, and airports in Brussels, Berlin, Dublin, and London. The scale and sophistication of these attacks have prompted calls for a more robust national response. Rachel Reeves, Britain’s Chancellor of the Exchequer, told ITV News, “There is a wider issue here, of ensuring that foreign states, including Russia, cannot bring down production, or flights, or public services in Britain. It is a new and a growing threat.”
JLR’s operational pause was initially expected to end on September 24, but the company extended the shutdown to provide “clarity for the coming week as we build the timeline for the phased restart of our operations and continue our investigation.” As the company works to bring its systems safely back online, the government and industry alike are grappling with the reality that digital threats can have tangible, far-reaching consequences for the real economy.
For the workers, suppliers, and communities who depend on JLR, the coming weeks will be critical. The hope is that the lessons from this crisis will drive stronger protections, more resilient supply chains, and a renewed focus on the value of cybersecurity in a world where the digital and physical are ever more entwined.
