Jaguar Land Rover global production halt (Scattered Lapsus$ Hunters, 2025)
A cyberattack on Britain's biggest carmaker forced JLR to shut down its global IT network and halted vehicle production in the UK, China, Slovakia, India, and Brazil for five weeks — now considered the most economically damaging cyber incident in UK history.
- Victim
- Jaguar Land Rover
- Loss
- $2.40B
In late August 2025, Jaguar Land Rover — the UK's largest carmaker, owned by Tata Motors — was hit by a cyberattack that forced it to shut down its entire global IT network and pause vehicle production across all its plants in the UK, China, Slovakia, India, and Brazil. The shutdown lasted more than five weeks and triggered one of the largest direct government cyber interventions in British history.
What happened
The intrusion was detected on 31 August 2025. JLR's response was unprecedented in its scope: rather than attempt to contain the attackers in-network, the company took down its global IT estate to prevent further damage. Production was paused the next day. Initial guidance was that lines would restart on 24 September; that date slipped twice as IT-system recovery proved more involved than first estimated, and full production did not resume until early October 2025.
A Telegram channel calling itself Scattered Lapsus$ Hunters — a name that combines two of the most active English-speaking extortion crews (Scattered Spider and Lapsus$) — claimed responsibility shortly after the attack.
Impact
- Vehicle production halted at every JLR plant worldwide for roughly five weeks.
- Estimated direct cost to JLR: £50 million per week in lost output.
- The UK government guaranteed a £1.5 billion emergency loan to keep JLR and its supplier base solvent.
- The Cyber Monitoring Centre estimated total damage to the UK economy at £1.9 billion (~$2.4 billion), naming this the most economically damaging cyber incident in British history.
- Thousands of suppliers — many of them small specialist manufacturers utterly dependent on JLR — were threatened with insolvency during the shutdown.
Why it matters
JLR's decision to shut down its global network deliberately turned a containable IT incident into a company-wide operational stop. The trade-off was textbook crisis response: take the immediate pain to keep the attackers from spreading into safety-critical and supplier-facing systems. But the second-order cost was enormous, and the supplier-chain blast radius forced the UK government to step in directly — a precedent that other governments are now studying.
Financial impact
Reported costs in USD
- Business loss$2.40B
Timeline
Attack begins against Jaguar Land Rover's IT environment.
JLR proactively shuts down its global IT network and pauses vehicle production across all plants.
Production lines have now been idle for three weeks; staff are told to stay home.
JLR extends the production pause to 1 October.
UK government guarantees a £1.5 billion emergency loan to JLR to stabilise the company and protect its supplier base.
Cyber Monitoring Centre publishes a statement classifying the incident as the most economically damaging cyberattack in UK history; estimated total damage £1.9 billion.
Sources
- en.wikipedia.orghttps://en.wikipedia.org/wiki/Jaguar_Land_Rover_cyberattack
- cybermonitoringcentre.comhttps://cybermonitoringcentre.com/2025/10/22/cyber-monitoring-centre-statement-on-the-jaguar-land-rovercyber-incident-october-2025/
- computerweekly.comhttps://www.computerweekly.com/news/366631527/Jaguar-Land-Rover-extends-cyber-attack-induced-shutdown-to-October
- industrialcyber.cohttps://industrialcyber.co/industrial-cyber-attacks/jaguar-land-rover-prolongs-production-halt-after-cyberattack-as-uk-government-steps-in-as-supply-chain-feels-strain/