Key Points
- Jaguar Land Rover (JLR) is recovering from a major cyberattack that occurred on August 31, 2025, forcing a complete halt of its global production lines for nearly a month.
- The shutdown is estimated to cost the company up to £2 billion, with weekly losses pegged at around £50 million.
- A hacking group known as “Scattered Lapsus Hunters” has claimed responsibility for the attack.
- JLR has begun a “phased restart” of its IT systems as of September 25, focusing on clearing a backlog of payments to suppliers who are facing financial distress.
- The incident has put JLR’s technology partner, Tata Consultancy Services (TCS), under scrutiny, as other TCS clients have recently suffered similar attacks.
New Delhi: Jaguar Land Rover, owned by Tata Motors, is grappling with the severe fallout from a cyberattack that has crippled its global operations since August 31, 2025. The attack forced the complete shutdown of its IT systems and production facilities, leading to a month-long standstill that has cost the automaker dearly and sent shockwaves through its extensive supply chain.
Massive Financial and Production Impact
While JLR has not officially disclosed the total financial damage, estimates paint a grim picture. The Financial Times has reported potential losses could reach £2 billion, while the BBC estimates ongoing weekly losses of at least £50 million. The production halt at its major UK plants in Solihull, Halewood, and Wolverhampton, as well as facilities in Slovakia, China, and India, has directly impacted its 33,000 employees and put an estimated 200,000 jobs in the wider supply chain at risk.
“Scattered Lapsus Hunters” Claim Responsibility
A group of hackers calling themselves “Scattered Lapsus Hunters” has reportedly claimed responsibility for the breach. According to security experts, this group is a coalition of several notorious cyber-gangs, including Lapsus$ and Scattered Spiders, and is believed to consist largely of teenagers. The group, which has a history of targeting major UK retailers like Marks & Spencer and Co-op, posted taunting messages and screenshots of JLR’s internal network on Telegram before deleting them. Experts believe the attack is a ransom attempt, though no concrete evidence of customer data theft has been confirmed.
Phased Restart and Government Intervention
On September 25, JLR announced it had begun a “phased restart” of its IT infrastructure. The initial focus is on bringing financial systems back online to clear a massive backlog of payments to suppliers, many of whom are facing closure due to the prolonged shutdown. JLR’s Global Parts Logistics Centre has also returned to full operation to service customer vehicles.
The crisis has prompted the UK government to get involved. Officials are working with JLR and the Society of Motor Manufacturers and Traders (SMMT) to devise a support plan for the struggling suppliers.
The incident has also cast a spotlight on Tata Consultancy Services (TCS), JLR’s primary technology partner. In 2023, JLR signed an £800 million deal with TCS to manage and transform its digital architecture. The JLR hack is the third major cyberattack on a high-profile TCS client in the UK this year, raising questions about security vulnerabilities.
Crisis Timeline
- August 31: JLR’s systems are breached in a cyberattack.
- September 2: The company announces a full system shutdown and halts production globally.
- September 16: The production pause is extended until September 24.
- September 23: The shutdown is further extended to at least October 1.
- September 25: JLR announces a “phased restart” of its IT systems, beginning with supplier payments and logistics.
