The assembly lines at Jaguar Land Rover will continue to lay silent, after the company announced a halt in production until 1 October 2025, in the wake of the August cyber attack that has crippled operations.
The car maker – the largest in the UK, making 300,000 vehicles in 2024 and employing more than 30,000 people – said the decision will help it to plan a phased restart to operations while it continues investigations into the hack.
“Our teams continue to work around the clock, alongside cyber security specialists, the NCSC [National Cyber Security Centre] and law enforcement to ensure we restart in a safe and secure manner,” said JLR.
The BBC reports that the government’s business secretary, Peter Kyle, and industry minister, Chris McDonald, are visiting JLR today (Tuesday 23 September) for the first time since the cyber attack to meet with the company and firms in its supply chain.
McDonald said: “We have two priorities: helping Jaguar Land Rover get back up and running as soon as possible, and the long-term health of the supply chain.
“We are acutely aware of the difficulties the stoppage is causing for those suppliers and their staff, many of whom are already taking a financial hit through no fault of their own – and we will do everything we can to reassure them that the government is on their side.”
On 19 September, the Department for Business and Trade (DBT) had a meeting with the Society of Motor Manufacturers and Traders (SMMT) Automotive Components Section amid the ongoing disruption to the car maker’s wider supply chain.
Meanwhile, the union Unite is calling for a furlough scheme for workers at JLR suppliers, which employ 104,000 workers, according to the BBC. Some have been told to apply for Universal Credit. The union said workers are being laid off with “reduced or zero pay” following the hack.
Last week, Unite general secretary Sharon Graham said: “Workers in the JLR supply chain must not be made to pay the price for the cyber attack.
“It is the government’s responsibility to protect jobs and industries that are a vital part of the economy. Ministers should take the lead from the Scottish government’s support package for [bus manufacturer] Alexander Dennis staff and implement a similar scheme for workers in the JLR supply chain now.”
Since the attack, workers have been unable to produce vehicles at any of its factories, which are located in Slovakia, Brazil and India, as well as in the UK, as the Guardian newspaper highlighted in a deep dive analysis published on 20 September.
From the cyber security industry, commenting on the continued delays to production at JLR, James McQuiggan, CISO advisor at managed security platform supplier KnowBe4, said: “Cyber attacks targeting and disrupting large manufacturers’ production infrastructure demonstrate just how intertwined cyber security and business resilience need to be.
“When core systems are taken offline, the impact cascades through employees, suppliers and customers, showing that business continuity and cyber defence should be indivisible.
“Beyond immediate disruption, data theft during such incidents increases the long-term risks, from reputational damage to regulatory consequences.
“To mitigate these risks, organisations should regularly test and update their business continuity and incident response plans, strengthen supply chain risk assessments, and adopt zero-trust principles to limit attacker movement.”
It is still not clear who is behind the attack. Early on, a group of young Anglophone hackers, who call themselves Scattered Lapsus$ Hunters, claimed responsibility for the attack, according to the BBC and other media outlets.
The group boasted about the hack on Telegram, sharing screenshots seemingly taken from inside the carmaker’s IT networks. The same gang was responsible for a wave of cyber attacks this year on UK retailers, including Marks and Spencer. The newly named group seemed to consist of hackers who have been part of the groups Shiny Hunters, Lapsus$ and Scattered Spider.
However, the Guardian said one of its law enforcement sources has “advised caution against taking anything from the [Telegram] channel at face value”.
And JLR is not discussing details of the hack.
