Jaguar Land Rover (JLR) suffered a late-summer cyberattack that severely disrupted automotive production for weeks, forcing a phased restart in early October. The attack occurred in September 2023, a critical month marking the start of the 2026 Range Rover model year and the U.K.’s new vehicle registration plate period. Revenue plummeted 24% year-over-year to $6.45 billion, with wholesale units dropping 24% due to halted operations. The incident crippled JLR’s supply chain, impacting ~5,000 organizations and prompting a $659 million emergency financing package for suppliers. The British economy lost an estimated $2.5 billion, leading U.K. officials to intervene with a stabilization loan.

The attack, suspected to be a social engineering breach by a threat group linked to the April 2023 Marks & Spencer hack, caused $313 million in exceptional costs, including recovery expenses and a voluntary cost-cutting program. JLR reported a $638 million pre-tax loss and a $735 million net loss for the quarter. Production shutdowns, delayed model launches, and supply chain chaos underscored the attack’s operational and financial devastation, with Moody’s warning of escalating third-party cyber risks in Europe’s interconnected manufacturing networks.
JLR cybersecurity rating report: https://www.rankiteo.com/company/jaguar-land-rover_1
"id": "JAG0092700111825",
"linkid": "jaguar-land-rover_1",
"type": "Cyber Attack",
"date": "4/2023",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'industry': 'Automotive',
'location': 'United Kingdom',
'name': 'Jaguar Land Rover (JLR)',
'size': 'Large (largest UK automaker)',
'type': 'Automaker'},
{'industry': ['Automotive',
'Manufacturing',
'Logistics'],
'location': 'Multiple countries (Europe-focused)',
'name': '5,000+ supplier organizations',
'type': 'Supply Chain Partners'}],
'attack_vector': 'Social Engineering',
'date_detected': '2023-09',
'date_publicly_disclosed': '2023-10-27',
'date_resolved': '2023-10-01',
'description': 'Jaguar Land Rover (JLR) experienced a cyberattack in late '
'summer (September 2023) that disrupted automotive production '
'for weeks, leading to a 24% revenue drop in Q2 FY2024. The '
'attack, suspected to be a social engineering incident, was '
'claimed by the same threat group linked to the April 2023 '
'attack on Marks & Spencer. It forced JLR to halt systems '
'during a critical production month, impacting 5,000+ '
'organizations in its supply chain. The company reported a '
'pre-tax loss of $638M, with exceptional costs of $313M tied '
'to the attack. The British economy lost ~$2.5B, prompting UK '
'officials to back a $659M loan package to stabilize '
'suppliers. JLR prioritized phased recovery, resuming '
'operations in early October.',
'impact': {'brand_reputation_impact': 'Significant (highlighted risks in '
'European supply chains per Moody’s '
'report)',
'downtime': 'Weeks (September to early October 2023)',
'financial_loss': '$735M (post-tax loss for Q2)',
'operational_impact': 'Production halt for weeks, 24% drop in '
'wholesale units, 24% revenue decline in Q2',
'revenue_loss': '$6.45B (Q2 revenue, down 24% YoY)',
'systems_affected': ['Production systems',
'Supply chain networks']},
'initial_access_broker': {'entry_point': 'Suspected social engineering',
'high_value_targets': ['Production systems',
'Supply chain data']},
'investigation_status': 'Ongoing (threat actor linked to prior attacks but '
'not fully identified)',
'lessons_learned': ['Need for better third-party risk monitoring in supply '
'chains (per Moody’s report)',
'Importance of limiting information sharing with '
'suppliers',
'Ranking suppliers by cyber risk exposure'],
'post_incident_analysis': {'corrective_actions': ['Phased recovery protocol',
'Supplier financing support',
'Risk ranking for suppliers '
'(per Moody’s)'],
'root_causes': ['Social engineering vulnerability',
'Supply chain interconnectedness',
'Timing during high-volume '
'production month']},
'recommendations': ['Enhance supply chain cybersecurity resilience',
'Implement stricter access controls and supplier vetting',
'Develop contingency plans for critical production '
'periods'],
'references': [{'source': 'Jaguar Land Rover Q2 Earnings Call (2023-10-27)'},
{'source': 'Cyber Monitoring Center Report'},
{'source': 'Moody’s Report on European Supply Chain Risks '
'(2023-10-30)'}],
'response': {'communication_strategy': ['Earnings call disclosure '
'(2023-10-27)',
'Public statements'],
'containment_measures': ['System shutdown', 'Phased restart'],
'incident_response_plan_activated': 'Yes (phased recovery '
'prioritizing clients, '
'retailers, and suppliers)',
'recovery_measures': ['Financing solution for suppliers',
'Calibrated operational resumption'],
'third_party_assistance': 'Yes (UK government-backed $659M loan '
'package for suppliers)'},
'stakeholder_advisories': ['UK government loan package for suppliers',
'Moody’s risk assessment for European '
'manufacturers'],
'threat_actor': 'Threat group linked to the April 2023 Marks & Spencer attack',
'title': 'Cyberattack on Jaguar Land Rover Disrupts Production and Supply '
'Chain',
'type': ['Cyberattack', 'Supply Chain Disruption', 'Social Engineering']}