Jaguar Land Rover (JLR) suffered a **late-summer cyberattack** that severely disrupted automotive production for weeks, forcing a phased restart in early October. The attack occurred in **September 2023**, a critical month marking the start of the **2026 Range Rover model year** and the U.K.’s new vehicle registration plate period. Revenue plummeted **24% year-over-year** to **$6.45 billion**, with wholesale units dropping **24%** due to halted operations. The incident crippled JLR’s **supply chain**, impacting **~5,000 organizations** and prompting a **$659 million emergency financing** package for suppliers. The British economy lost an estimated **$2.5 billion**, leading U.K. officials to intervene with a stabilization loan. The attack, suspected to be a **social engineering breach** by a threat group linked to the **April 2023 Marks & Spencer hack**, caused **$313 million in exceptional costs**, including recovery expenses and a voluntary cost-cutting program. JLR reported a **$638 million pre-tax loss** and a **$735 million net loss** for the quarter. Production shutdowns, delayed model launches, and supply chain chaos underscored the attack’s **operational and financial devastation**, with Moody’s warning of escalating **third-party cyber risks** in Europe’s interconnected manufacturing networks.
JLR cybersecurity rating report: https://www.rankiteo.com/company/jaguar-land-rover_1
"id": "JAG0092700111825",
"linkid": "jaguar-land-rover_1",
"type": "Cyber Attack",
"date": "4/2023",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'industry': 'Automotive',
'location': 'United Kingdom',
'name': 'Jaguar Land Rover (JLR)',
'size': 'Large (largest UK automaker)',
'type': 'Automaker'},
{'industry': ['Automotive',
'Manufacturing',
'Logistics'],
'location': 'Multiple countries (Europe-focused)',
'name': '5,000+ supplier organizations',
'type': 'Supply Chain Partners'}],
'attack_vector': 'Social Engineering',
'date_detected': '2023-09',
'date_publicly_disclosed': '2023-10-27',
'date_resolved': '2023-10-01',
'description': 'Jaguar Land Rover (JLR) experienced a cyberattack in late '
'summer (September 2023) that disrupted automotive production '
'for weeks, leading to a 24% revenue drop in Q2 FY2024. The '
'attack, suspected to be a social engineering incident, was '
'claimed by the same threat group linked to the April 2023 '
'attack on Marks & Spencer. It forced JLR to halt systems '
'during a critical production month, impacting 5,000+ '
'organizations in its supply chain. The company reported a '
'pre-tax loss of $638M, with exceptional costs of $313M tied '
'to the attack. The British economy lost ~$2.5B, prompting UK '
'officials to back a $659M loan package to stabilize '
'suppliers. JLR prioritized phased recovery, resuming '
'operations in early October.',
'impact': {'brand_reputation_impact': 'Significant (highlighted risks in '
'European supply chains per Moody’s '
'report)',
'downtime': 'Weeks (September to early October 2023)',
'financial_loss': '$735M (post-tax loss for Q2)',
'operational_impact': 'Production halt for weeks, 24% drop in '
'wholesale units, 24% revenue decline in Q2',
'revenue_loss': '$6.45B (Q2 revenue, down 24% YoY)',
'systems_affected': ['Production systems',
'Supply chain networks']},
'initial_access_broker': {'entry_point': 'Suspected social engineering',
'high_value_targets': ['Production systems',
'Supply chain data']},
'investigation_status': 'Ongoing (threat actor linked to prior attacks but '
'not fully identified)',
'lessons_learned': ['Need for better third-party risk monitoring in supply '
'chains (per Moody’s report)',
'Importance of limiting information sharing with '
'suppliers',
'Ranking suppliers by cyber risk exposure'],
'post_incident_analysis': {'corrective_actions': ['Phased recovery protocol',
'Supplier financing support',
'Risk ranking for suppliers '
'(per Moody’s)'],
'root_causes': ['Social engineering vulnerability',
'Supply chain interconnectedness',
'Timing during high-volume '
'production month']},
'recommendations': ['Enhance supply chain cybersecurity resilience',
'Implement stricter access controls and supplier vetting',
'Develop contingency plans for critical production '
'periods'],
'references': [{'source': 'Jaguar Land Rover Q2 Earnings Call (2023-10-27)'},
{'source': 'Cyber Monitoring Center Report'},
{'source': 'Moody’s Report on European Supply Chain Risks '
'(2023-10-30)'}],
'response': {'communication_strategy': ['Earnings call disclosure '
'(2023-10-27)',
'Public statements'],
'containment_measures': ['System shutdown', 'Phased restart'],
'incident_response_plan_activated': 'Yes (phased recovery '
'prioritizing clients, '
'retailers, and suppliers)',
'recovery_measures': ['Financing solution for suppliers',
'Calibrated operational resumption'],
'third_party_assistance': 'Yes (UK government-backed $659M loan '
'package for suppliers)'},
'stakeholder_advisories': ['UK government loan package for suppliers',
'Moody’s risk assessment for European '
'manufacturers'],
'threat_actor': 'Threat group linked to the April 2023 Marks & Spencer attack',
'title': 'Cyberattack on Jaguar Land Rover Disrupts Production and Supply '
'Chain',
'type': ['Cyberattack', 'Supply Chain Disruption', 'Social Engineering']}