Jaguar Land Rover supply chain cyberattack (UK)
What happened
British carmaker Jaguar Land Rover (JLR) detected a major cyberattack at the end of August 2025 and paused production on 1 September while it shut down IT systems to contain the intrusion. The disruption forced a halt to vehicle assembly at its three main UK plants in Solihull, Halewood and Wolverhampton, with staff told to stay home. After repeated extensions, production restarted only from 8 October under a phased, controlled approach, leaving the company idle for roughly five to six weeks. JLR initially said there was no evidence of data theft but later confirmed that some company data had been stolen.
According to the Cyber Monitoring Centre, the incident is among the most financially damaging cyber events in British history, with an estimated UK economic impact of about £1.9bn and more than 5,000 organisations affected across JLR's supply chain. JLR reported £196m in cyber-related costs in the quarter to 30 September, part of a £485m quarterly loss. With suppliers facing layoffs, the UK government announced a £1.5bn loan guarantee, delivered through UK Export Finance's Export Development Guarantee, to shore up the supply chain. The National Cyber Security Centre supported the response and the Information Commissioner's Office assessed JLR's disclosure.
A group calling itself "Scattered Lapsus$ Hunters" claimed responsibility via Telegram, posting screenshots said to be from JLR's internal systems; the name links it to the English-speaking cybercrime collectives Scattered Spider, Lapsus$ and ShinyHunters, previously associated with attacks on UK retailers. JLR and the NCSC have not publicly confirmed the attackers' identity.
Assessment
The evidence points to financially motivated cyber-crime rather than state-directed hybrid warfare. Responsibility was claimed by a self-styled criminal collective; no UK authority has confirmed attribution, and reporting describes social-engineering and credential-abuse tactics typical of such groups, not state tradecraft. The episode nonetheless illustrates how a single intrusion can cascade through critical manufacturing supply chains, idle a strategic exporter for weeks, dent national GDP and force government intervention. Treat group claims as unverified; the broader significance lies in demonstrated economic and supply-chain fragility, which hostile actors of any kind could exploit.
This dossier summarises open-source reporting and is updated as the investigation develops. Read the original report via the source link.