Jaguar Land Rover (JLR), the UK’s largest car manufacturer and a subsidiary of Tata Motors, suffered a catastrophic cyberattack in September 2025, attributed to the hacker group *Scattered Lapsus$ Hunters*. The breach crippled its global IT infrastructure, halting production at key plants (Solihull, Halewood, Wolverhampton), disrupting supply chains, and exposing critical vulnerabilities in industrial cybersecurity. The attack caused an estimated **£1.9 billion ($2.5 billion)** in economic losses, including **£50 million ($67 million) per week** in direct losses for JLR, widespread supplier layoffs, and logistical collapse across the UK’s Midlands and North West. The UK government intervened with a **£1.5 billion emergency loan** to stabilize operations. The incident triggered stock market volatility for parent company Tata Motors, prompted policy debates on national cyber-resilience, and forced JLR to overhaul its cybersecurity with AI-driven monitoring and digital backups. Recovery efforts included phased production restarts by late October 2025, but the attack underscored the fragility of digitized manufacturing and its systemic economic risks.
TPRM report: https://www.rankiteo.com/company/jaguar-land-rover_1
"id": "jag3032230102225",
"linkid": "jaguar-land-rover_1",
"type": "Cyber Attack",
"date": "9/2025",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of geographical region"{'affected_entities': [{'industry': 'Automotive',
'location': 'United Kingdom (HQ: Whitley, Coventry; '
'plants in Solihull, Halewood, '
'Wolverhampton)',
'name': 'Jaguar Land Rover (JLR)',
'size': '30,000+ employees; supports hundreds of '
'thousands indirectly via supply chain',
'type': 'Automotive Manufacturer'},
{'industry': 'Automotive',
'location': 'India (Mumbai)',
'name': 'Tata Motors',
'type': 'Parent Company'},
{'industry': ['Automotive',
'Manufacturing',
'Logistics'],
'location': 'United Kingdom (primarily Midlands and '
'North West regions)',
'name': 'UK Supply Chain Partners (Midlands & North '
'West)',
'type': ['Suppliers',
'Logistics Providers',
'Parts Manufacturers']}],
'attack_vector': ['IT Infrastructure Compromise',
'Supply Chain Exploitation',
'Internal Systems Breach'],
'data_breach': {'data_exfiltration': True,
'sensitivity_of_data': 'High (internal systems and '
'operational data)',
'type_of_data_compromised': 'Sensitive internal data (exact '
'types unspecified)'},
'date_detected': '2025-09-01',
'date_resolved': '2025-10-31',
'description': 'Jaguar Land Rover (JLR), a major UK automotive manufacturer, '
'suffered a devastating cyberattack in September 2025 that '
'disrupted production, halted supply chains, and caused an '
'estimated $2.5 billion loss to the UK economy. The attack, '
"attributed to the hacker group 'Scattered Lapsus$ Hunters,' "
'exposed vulnerabilities in industrial cybersecurity and '
'highlighted the risks of digital dependency in modern '
'manufacturing. Production at key plants (Solihull, Halewood, '
'Wolverhampton) was halted, leading to widespread economic and '
'operational fallout. The UK government intervened with a £1.5 '
'billion emergency loan guarantee to stabilize operations.',
'impact': {'brand_reputation_impact': ['Significant damage due to production '
'delays and supply chain failures',
'Investor concern over cyber '
'resilience'],
'data_compromised': 'Sensitive internal data (details unspecified)',
'downtime': 'Approximately 8 weeks (September–October 2025)',
'financial_loss': '$2.5 billion (£1.9 billion) to UK economy; £50 '
'million ($67 million) per week during shutdown',
'operational_impact': ['Full production halt at Solihull, '
'Halewood, Wolverhampton plants',
'Supply chain disruptions',
'Supplier layoffs and insolvency risks',
'Logistics and export delays'],
'revenue_loss': '£50 million ($67 million) per week during '
'shutdown (JLR); broader UK economic loss of £1.9 '
'billion ($2.5 billion)',
'systems_affected': ['Global IT Infrastructure',
'Production Lines',
'Logistics Systems',
'Supplier Networks',
'Dealership Networks']},
'initial_access_broker': {'high_value_targets': ['IT infrastructure',
'Production systems',
'Supplier networks']},
'investigation_status': 'Ongoing (as of late 2025); UK authorities and JLR '
'collaborating on forensic analysis',
'lessons_learned': ['Cybersecurity is a critical business priority, not a '
'technical afterthought.',
'Operational continuity plans must explicitly include '
'cyber-attack scenarios.',
'Investors should evaluate cyber risk management within '
'ESG frameworks, especially for AI/automation-heavy '
'firms.',
'Digital transformation increases efficiency but also '
'introduces significant cyber risks.',
'Supply chain resilience is directly tied to '
'cybersecurity posture.',
'Government-industry collaboration is essential for '
'critical infrastructure protection.'],
'motivation': ['Financial Gain', 'Disruption', 'Data Theft'],
'post_incident_analysis': {'corrective_actions': ['Multi-million-pound '
'investment in '
'cybersecurity '
'infrastructure',
'Implementation of AI-based '
'monitoring and real-time '
'threat detection',
'Phased production restart '
'with enhanced digital '
'safeguards',
'Government-backed '
'cyber-resilience '
'initiatives for critical '
'industries'],
'root_causes': ['Inadequate cybersecurity '
'protections for industrial '
'control systems',
'Over-reliance on interconnected '
'digital systems without '
'redundancy',
'Supply chain vulnerabilities '
'exploited by attackers',
'Delayed detection and response to '
'the breach']},
'ransomware': {'data_exfiltration': True},
'recommendations': ['Implement robust cybersecurity frameworks with real-time '
'monitoring and AI-driven threat detection.',
'Develop and test incident response plans that account '
'for supply chain disruptions.',
'Enhance third-party vendor cybersecurity compliance and '
'audits.',
'Invest in cyber-resilience funds and insurance reforms '
'for critical industries.',
'Prioritize digital backup systems and network '
'segmentation to limit attack spread.',
'Integrate cyber risk assessments into ESG reporting for '
'investor transparency.'],
'references': [{'source': 'Cyber Monitoring Centre'},
{'source': 'UK National Cyber Security Centre (NCSC)'},
{'source': 'Jaguar Land Rover Public Statements (2025)'}],
'regulatory_compliance': {'regulatory_notifications': ['UK National Cyber '
'Security Centre '
'(NCSC) involved',
'Potential future '
'cybersecurity '
'legislation reforms']},
'response': {'communication_strategy': ['Public statements on recovery '
'progress',
'Government coordination for economic '
'support'],
'containment_measures': ['Isolation of affected systems',
'Shutdown of production lines to limit '
'spread'],
'enhanced_monitoring': ['AI-based monitoring tools',
'Real-time threat detection systems'],
'incident_response_plan_activated': True,
'law_enforcement_notified': True,
'recovery_measures': ['Phased production restart (starting with '
'Wolverhampton engine plant)',
'Enhanced supplier network protections'],
'remediation_measures': ['Investment in cybersecurity '
'infrastructure',
'Digital backups',
'AI-based monitoring tools'],
'third_party_assistance': ['UK National Cyber Security Centre '
'(NCSC)',
'Cybersecurity Experts '
'(unspecified)']},
'stakeholder_advisories': ['UK government offered £1.5 billion emergency loan '
'guarantee',
'Parliamentary discussions on cybersecurity '
'legislation reforms'],
'threat_actor': ['Scattered Lapsus$ Hunters',
'Scattered Spider (suspected affiliation)',
'ShinyHunters (suspected affiliation)'],
'title': 'Jaguar Land Rover Cyberattack (2025)',
'type': ['Cyberattack',
'Supply Chain Disruption',
'Data Breach',
'Operational Shutdown']}