Impact of the Cyberattack on automotive Jaguar Land Rover

The attack, which occurred at the turn of August and September 2025, had a cascading effect that hit the entire Jaguar Land Rover (JLR) company and its suppliers. It was one of the **most significant cyber incidents in the automotive industry**.

Production Halt

Due to the disruption of key suppliers and JLR's IT systems, the carmaker had to **completely halt production** at its main UK plants (Solihull and Halewood), where the most profitable models like the Range Rover and Defender are manufactured. It is estimated that approximately **1,000 vehicles** were not produced daily.

Financial Losses

It is estimated that JLR is losing at least **50 million pounds** (over 1.4 billion CZK) **per week** due to the production outage. Total losses are calculated in billions of Czech crowns.

Impact on the Supply Chain

The biggest problem lies in the **"just-in-time"** principle on which the modern automotive industry operates. Without a smooth flow of components, the production lines stop. Some smaller suppliers faced the threat of **bankruptcy** due to the suspension of payments and orders, endangering tens of thousands of jobs across the United Kingdom.

Government Aid

The situation was so severe that the British government had to intervene and considered providing a loan guarantee of **1.5 billion pounds** to support suppliers and prevent a collapse of the supply chain.

Domino Effect on the Supply Chain

Although the attack was focused on Jaguar Land Rover, the impact spread through the supplier system. However, it did not directly affect other vehicle manufacturers.

  • Suppliers: The cyberattack hit key IT systems in the supply chain, which operates on the **just-in-time** principle. With systems for planning and ordering parts disrupted, thousands of JLR suppliers across the UK and Europe faced cancellations or delays of orders and lost revenue. Many had to limit operations and faced the threat of bankruptcy.
  • Economic Impact: The Cyber Monitoring Centre (CMC) estimated that the incident caused financial damage of **1.9 billion pounds** and affected over 5,000 organisations in the United Kingdom. These organisations are mainly small and medium-sized enterprises that are part of the extensive JLR supply chain.
  • Dealerships: The incident also had a severe impact on JLR dealers, who struggled with **system outages** (e.g., TOPiX) for ordering spare parts, vehicle registration, and diagnostics, which **complicated both sales and service**. Thus, the impact could also affect people who already own Jaguar or Land Rover cars.

Attack Details and Motive

According to available information, the attack was likely aimed at the Jaguar Land Rover supply chain rather than its main IT systems.

  • Suspected Attackers: The group calling itself **Scattered Lapsus$ Hunters** (which combines elements of the Scattered Spider, Lapsus$, and ShinyHunters groups) claimed responsibility. There was also suspicion of a connection to Russia, but this remains under investigation.
  • Motive: It was likely **extortion (ransomware)** with a demand for a high ransom, although JLR did not comment on the specific details of the attack.
  • Compromised Data: JLR confirmed that the incident affected "some data." Although customer data theft was not confirmed, leaks of internal system logs (e.g., from the Pivi Pro infotainment system) appeared, suggesting access to sensitive vehicle information.

🔄 Current Situation

JLR and the British government are working on a gradual restoration of operations.

  • Phased Restart: The company has begun a phased restart of some IT systems to be able to pay suppliers and dispatch spare parts.
  • Production Recovery: The plan to restart production was postponed several times, but the company is gradually beginning a limited production restart with the goal of returning to full operation, which may take weeks to months.
  • Impact on Dealers: Operations at dealerships mostly remained uninterrupted.

The entire incident is considered a wake-up call for the entire industry, highlighting the critical vulnerability of a modern, heavily interconnected manufacturing environment.

Would you like to know more about which specific models were affected, or what steps JLR is taking to restore full production?

Essential Prevention Steps (For Every Company)

  • Supply Chain Security: Everyone in the supply chain must focus on security and not just have the required stamps and certifications.
    • Partner Due Diligence: Before establishing cooperation, it is necessary to **verify the cyber security** of every new supplier, whether small or large. Signing a contract is not enough.

Backup and Recovery (Key to Resilience)

Backups are the last line of defence. The correct backup strategy minimizes damage caused by ransomware and allows for rapid production recovery.

  • 3-2-1 Rule: Keep at least **3 copies of data**, on **2 different types of media**, and **1 copy stored off-site (offline/off-site)**.
  • Isolated Backups: The backup server must be **physically or logically separated** from the production network (e.g., in a special VLAN) and accessible only for the necessary backup duration (so-called **air-gapping**). This prevents backups from being encrypted during an attack.
  • Regular Testing: Regularly test whether backups are functional and whether data can be quickly restored from them.