Jaguar Land Rover (JLR) suffered a **ransomware attack** last week, forcing a **complete shutdown of operations** and sending production staff home indefinitely. The attack, claimed by the **Scattered Spider** hacking group (linked to prior disruptions at British retailers like M&S), has caused **severe operational paralysis**, with global applications offline and forensic investigations ongoing. While JLR confirms **some data has been compromised**, the exact scope remains unclear, though regulators and potentially affected individuals are being notified.The incident has **crippled internal systems**, disrupted the **supply chain**, and halted production for over a week, with no immediate return-to-work timeline for employees. Though retail operations (sales/service) remain unaffected, the **financial and reputational damage** is significant, mirroring M&S’s £300m loss from a similar attack earlier this year. The company is coordinating with cybersecurity specialists and plans to brief MPs on Friday, while four arrests (on bail) have been made in connection with the attack. The **long-term impact on customer trust, regulatory penalties, and operational recovery** remains uncertain.
TPRM report: https://www.rankiteo.com/company/jaguar-land-rover_1
"id": "jag0332103091025",
"linkid": "jaguar-land-rover_1",
"type": "Ransomware",
"date": "9/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'industry': 'Automotive',
'location': 'United Kingdom',
'name': 'Jaguar Land Rover (JLR)',
'type': 'Automotive Manufacturer'}],
'customer_advisories': 'None (retail operations unaffected)',
'date_detected': '2024-05-14T00:00:00Z',
'date_publicly_disclosed': '2024-05-15T00:00:00Z',
'description': 'Jaguar Land Rover (JLR) experienced a cyber attack that '
'disrupted operations, forcing a shutdown and sending staff '
'home. The company confirmed that some data was affected, '
'though the exact nature remains unclear. The attack was '
'claimed by the ransomware group Scattered Spider, which was '
'also linked to previous disruptions at British retailers like '
'M&S. JLR is working with third-party cybersecurity '
'specialists to investigate and restore systems, with '
'production expected to resume no earlier than the following '
'Monday. The incident has impacted output, internal systems, '
'and the supply chain, though retail operations (sales and '
'service) remain unaffected.',
'impact': {'brand_reputation_impact': 'Potential harm (public disclosure, '
'operational disruption)',
'data_compromised': True,
'downtime': 'At least one week (production halt from Tuesday to at '
'least next Monday)',
'operational_impact': ['Production shutdown',
'Staff sent home',
'Supply chain disruption'],
'systems_affected': ['Global applications',
'Internal systems',
'Supply chain']},
'investigation_status': 'Ongoing (forensic investigation in progress)',
'ransomware': {'data_exfiltration': True},
'references': [{'date_accessed': '2024-05-17T00:00:00Z',
'source': 'Sky News',
'url': 'https://news.sky.com'},
{'date_accessed': '2024-05-15T00:00:00Z',
'source': 'Jaguar Land Rover (JLR) Public Statement'}],
'regulatory_compliance': {'regulatory_notifications': True},
'response': {'communication_strategy': ['Public updates',
'Regulator notifications',
'MP briefing for affected '
'constituencies'],
'containment_measures': ['Shutdown of operations',
'Staff sent home'],
'incident_response_plan_activated': True,
'remediation_measures': ['Forensic investigation',
'Controlled restart of global '
'applications'],
'third_party_assistance': True},
'stakeholder_advisories': ['Briefing for MPs with constituencies containing '
'production sites'],
'threat_actor': 'Scattered Spider',
'title': 'Cyber Attack on Jaguar Land Rover (JLR)',
'type': ['Cyber Attack', 'Ransomware']}