A cyberattack of unprecedented scale has been paralyzing the British automotive giant Jaguar Land Rover since the end of August 2025, plunging one of the country’s industrial flagships into an unprecedented crisis. For more than a month, the factories were reduced to silence, threatening not only the manufacturer but also tens of thousands of jobs and a weakened ecosystem of suppliers. For Peter Kyle, UK Secretary of State for Business and Trade, « this cyber-attack was not only an assault on an iconic British brand, but on our world-leading automotive sector and the men and women whose livelihoods depend on it ». It certainly represents a textbook case illustrating the extreme digital vulnerability of strategic industries.
A Claimed Attack and a Brutal Shutdown
On August 31, 2025, a group of hackers presenting themselves under the name “Scattered Lapsus$ Hunters” claimed responsibility on Telegram for an attack against Jaguar Land Rover (JLR). According to initial information, they allegedly exploited vulnerabilities in internal applications and compromised accounts to infiltrate the manufacturer’s systems. Faced with the intrusion, JLR – a subsidiary of the Indian group Tata Motors – made the radical decision to take all of its IT systems offline.
The consequences were immediate and devastating. Starting September 1, production completely stopped in the three British factories in Solihull, Halewood and Wolverhampton, as well as in the group’s sites in Slovakia, Brazil and India. Production, which normally reaches 1,000 vehicles per day, fell to zero. With the parts, vehicle and order management systems paralyzed, no vehicle, including flagship models like the Range Rover, Discovery and Defender, left the assembly lines throughout the month of September.
An Exorbitant Cost
The financial impact of this prolonged shutdown was estimated at nearly $68 million (£50 million) per week. This situation was aggravated by the fact that the manufacturer did not have finalized cyber insurance at the time of the attack, placing the entirety of direct and indirect costs on it.
On the human level, the crisis hit the 30,000 JLR employees in the United Kingdom head-on. An agreement was negotiated with the unions so that their hours would be paid, but these will have to be made up in the form of overtime, heavily impacting the workers.
But the shock wave spread well beyond the JLR factories, affecting an industry that employs more than 800,000 people in the United Kingdom. The production shutdown brutally interrupted financial flows to hundreds of suppliers, some of whom found themselves on the verge of bankruptcy, with only one week of cash flow. The most vulnerable were third and fourth-tier subcontractors, SMEs essential to the supply chain. The situation became so critical that the bankruptcy of these suppliers threatened to compromise the very restart of JLR, for lack of available parts.
The British Government Forced to Intervene
Faced with this risk of systemic collapse, the British government had to intervene massively. After considering directly purchasing spare parts from suppliers, London announced on September 27 the granting of a $2 billion loan guarantee (£1.5 billion) to allow JLR to stabilize its supply chain and protect thousands of jobs in the industrial basins of the Midlands and northern England.
The investigation into the attack is being conducted in cooperation with the UK National Cyber Security Centre (NCSC). While JLR acknowledged that “certain data has been affected,” the company did not specify whether it concerned customers or suppliers, nor whether a ransom had been demanded.
A Recovery Under Surveillance
At the end of September, the first signs of recovery appeared. JLR announced the partial restart of certain IT systems, concerning billing, parts management and sales to distributors, which made it possible to begin generating cash flows again. Production was to resume “in phases” at the beginning of October.
However, this crisis leaves deep marks. It spectacularly highlighted the vulnerability of a strategic industry facing increasingly sophisticated digital threats. The massive intervention of the State, although hailed as necessary to preserve the industry, also sparked political debates about the slowness of the reaction and the need to put in place more robust protection mechanisms, such as a public reinsurance system.
Image credit : Blagan, AdobeStock
