Jaguar Land Rover (JLR) has confirmed that the production halt will continue until at least Wednesday, September 24, 2025. The company is dealing with the aftermath of a major cyberattack that disrupted its IT systems and paralyzed part of its production at the end of August.
In an official statement, JLR explains that the extension is necessary because the forensic investigation into the attack is still ongoing. In addition, the controlled restart of global operations is taking longer than anticipated. The group emphasizes that it is prioritizing a safe and stable restart and says it will continue to keep employees, suppliers, and partners regularly informed.
According to reports by ICTMagazine, the recovery of the affected IT systems could take weeks. This means that not only production but also sales channels will be disrupted for an extended period of time. Employees have already been told to stay at home for the time being, as processes within factories and sales organizations are still not functioning normally.
The economic impact is now mounting. Automotive Online reports that JLR has already suffered a loss of revenue of approximately £1 billion (almost €1.2 billion). The damage to profits is estimated at around £70 million. Normally, around 1,000 vehicles roll off the British production lines every day, but currently around 33,000 employees are at home due to the shutdown.
The consequences are not limited to the company itself. Jaguar Land Rover accounts for approximately four percent of British exports, and the prolonged shutdown could undermine the United Kingdom’s economic growth targets. The issue is also receiving political attention: the cyberattack once again underscores the urgency of the planned Cyber Security and Resilience Bill, which aims to protect companies against digital threats better.
Ransomware on servers
The perpetrators behind the attack have not yet been officially identified. However, a group calling itself Scattered Lapsus$ Hunters has claimed responsibility for the attack. The cybercriminals published screenshots of an internal SAP system at JLR and also claimed to have deployed ransomware on compromised servers. According to their own statements, the group consists of members associated with well-known extortion groups such as Scattered Spider, Lapsus$, and ShinyHunters.
The same group recently claimed responsibility for attacks on Salesforce, in which data was allegedly stolen from prominent technology companies, including Google, Cloudflare, Palo Alto Networks, Tenable, and Proofpoint, through social engineering and misuse of OAuth tokens.
Also read: TCS and Jaguar launch initiative for CO2 reduction and EV development