Jaguar Land Rover (JLR) suffered a severe cyberattack in September 2025, claimed by the cybercrime group **Scattered Lapsus$ Hunters**, which forced the shutdown of major production plants and disrupted operations for weeks. The attack resulted in **£196 million ($220 million) in direct financial losses** for Q2 (July–September 2025), with stolen data confirmed. The incident caused **production halts, supply chain disruptions, and liquidity crises for suppliers**, leading to a **pre-tax loss of £485 million** (vs. a £398m profit the prior year). The **UK Government intervened with a £1.5 billion loan guarantee** to stabilize operations, which restarted in a phased manner by October 8, 2025. The **Bank of England cited the attack as a key factor in the UK’s weaker-than-expected Q3 2025 GDP**, highlighting its broader economic impact. Despite stabilization, the attack severely damaged profitability, with **EBIT margins dropping to -8.6% (from 5.1% YoY)** and long-term financial strain evident.
JLR cybersecurity rating report: https://www.rankiteo.com/company/jaguar-land-rover_1
"id": "JAG2592025111525",
"linkid": "jaguar-land-rover_1",
"type": "Cyber Attack",
"date": "7/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'industry': 'Automotive',
'location': 'United Kingdom',
'name': 'Jaguar Land Rover (JLR)',
'size': 'Large (Global Enterprise)',
'type': 'Automotive Manufacturer'}],
'data_breach': {'data_exfiltration': True},
'date_publicly_disclosed': '2025-09-02',
'date_resolved': '2025-10-08',
'description': 'Jaguar Land Rover (JLR) suffered a cyberattack announced on '
'September 2, 2025, which forced the shutdown of major '
'production plants and resulted in data theft. The attack was '
'claimed by the cybercrime group Scattered Lapsus$ Hunters. '
'The incident caused significant financial losses (£196 '
'million in Q3 2025), disrupted supply chains, and led to a UK '
'Government intervention with a £1.5 billion loan guarantee to '
'restore operations. Production resumed by October 8, 2025, '
"after weeks of downtime. The attack severely impacted JLR's "
'profitability, with Q2 losses before tax reaching £485 '
'million, down from a profit of £398 million the previous '
'year. The Bank of England cited the incident as a key factor '
"in the UK's weaker-than-expected Q3 2025 GDP.",
'impact': {'brand_reputation_impact': 'Significant (cited as a factor in UK '
'GDP decline; likely erosion of '
'stakeholder trust)',
'data_compromised': True,
'downtime': 'Approximately 5 weeks (from September 2, 2025, to '
'October 8, 2025)',
'financial_loss': '£196 million (Q3 2025)',
'operational_impact': ['Production Halt',
'Supply Chain Disruption',
'Staff Sent Home',
'Reduced Sales Volumes'],
'revenue_loss': 'Loss before tax: £485 million (Q2 2025), down '
'from £398 million profit (Q2 2024); EBIT margin '
'dropped to -8.6% (Q2 2025) from 5.1% (Q2 2024)',
'systems_affected': ['Production Plants',
'Supply Chain Systems',
'Parts Logistics',
'Supplier Financing']},
'initial_access_broker': {'high_value_targets': ['Production Systems',
'Supply Chain Data']},
'investigation_status': 'Resolved (Operations Stabilized)',
'motivation': ['Financial Gain', 'Disruption'],
'post_incident_analysis': {'corrective_actions': ['Government Financial '
'Intervention',
'Restoration of Supply '
'Chain and Logistics',
'Maintenance of Investment '
'Spending (£18 billion over '
'5 years)']},
'ransomware': {'data_exfiltration': True},
'references': [{'source': 'Jaguar Land Rover Financial Results (Q3 2025)'},
{'source': 'Bank of England Monetary Policy Report (Q3 2025)'},
{'source': 'JLR Public Statements (September 2025)'}],
'response': {'communication_strategy': ['Public Disclosure (September 2, '
'2025)',
'Follow-up Statements on Data Theft '
'and Government Intervention',
'Financial Results Publication (Q3 '
'2025)'],
'containment_measures': ['Shutdown of Production Plants',
'Isolation of Affected Systems '
'(implied)'],
'incident_response_plan_activated': True,
'recovery_measures': ['Phased Restart of Production (completed '
'by October 8, 2025)',
'Restoration of Wholesale, Parts '
'Logistics, and Supplier Financing']},
'stakeholder_advisories': ['UK Government Loan Guarantee (£1.5 billion)',
'Bank of England GDP Impact Assessment'],
'threat_actor': 'Scattered Lapsus$ Hunters',
'title': 'Cyberattack on Jaguar Land Rover (JLR) Disrupts Production and '
'Incurs £196 Million in Costs',
'type': ['Cyberattack',
'Data Breach',
'Operational Disruption',
'Ransomware (implied by data theft and disruption)']}