In September 2025, Jaguar Land Rover (JLR) suffered a severe cyberattack attributed to the group **Scattered Lapsus$ Hunters**, forcing a **halt in global production and retail operations** for nearly a month. The attack disrupted systems at the **Solihull production plant**, blocked **car registrations**, and crippled **parts supply chains**, leading to a **£196 million ($220M) financial loss** in Q2 2025. While JLR initially stated **no customer data was stolen**, it later confirmed a **data breach** without specifying the compromised information. The incident caused a **24% year-on-year revenue drop** in Q2, pushing the company into a **£485M pre-tax loss**. The UK government intervened with a **£1.5B support package** to stabilize JLR’s supply chain and protect 120,000+ jobs. The Bank of England noted the attack **weakened UK Q3 2025 GDP growth**, highlighting its broader economic impact. The attack **stopped factory operations**, disrupted **dealer networks**, and required a **controlled restart of global systems**, demonstrating critical operational and financial damage.
JLR cybersecurity rating report: https://www.rankiteo.com/company/jaguar-land-rover_1
"id": "JAG5993659111725",
"linkid": "jaguar-land-rover_1",
"type": "Cyber Attack",
"date": "9/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'industry': 'automotive',
'location': 'Whitley, Coventry, UK',
'name': 'Jaguar Land Rover (JLR)',
'size': '34,000 employees (direct); supports 120,000 '
'jobs via supply chain',
'type': 'luxury vehicle manufacturer'}],
'customer_advisories': ['Initial statement claimed no evidence of customer '
'data theft; later confirmed data breach without '
'details'],
'data_breach': {'data_exfiltration': True},
'date_detected': '2025-09-01',
'date_publicly_disclosed': '2025-09-01',
'date_resolved': '2025-10-08',
'description': 'Jaguar Land Rover (JLR) suffered a major cyberattack in '
"September 2025, claimed by the group 'Scattered Lapsus$ "
"Hunters,' which disrupted production, retail operations, and "
'led to a data breach. The incident halted production at the '
'Solihull plant, blocked car registrations, and disrupted '
'parts supply. The attack cost JLR £196 million in Q2 2025, '
'contributing to a 24% year-on-year revenue decline. The UK '
'government provided a £1.5 billion support package to '
"stabilize the company's supply chain and operations.",
'impact': {'data_compromised': True,
'downtime': '~38 days (from early September to October 8, 2025)',
'financial_loss': '£196 million (Q2 2025)',
'operational_impact': ['halted production',
'blocked car registrations',
'disrupted parts supply',
'24% YoY revenue decline in Q2'],
'revenue_loss': '£4.9bn in Q2 (down 24% YoY); £11.5bn in H1 (down '
'16% YoY)',
'systems_affected': ['production systems',
'retail operations',
'Solihull production plant',
'car registration systems',
'parts supply chain']},
'investigation_status': 'Ongoing (as of November 2025)',
'references': [{'date_accessed': '2025-11-17',
'source': 'SecurityAffairs',
'url': 'https://securityaffairs.com'},
{'source': 'Jaguar Land Rover Financial Results (Q2 2025)'},
{'date_accessed': '2025-09-28',
'source': 'UK Government Announcement (Support Package)'},
{'source': 'Bank of England Q3 2025 GDP Report'}],
'response': {'communication_strategy': ['public statements on mitigation '
'efforts',
'financial impact disclosure'],
'containment_measures': ['proactive shutdown of systems'],
'incident_response_plan_activated': True,
'recovery_measures': ['controlled restart of global '
'applications']},
'stakeholder_advisories': ['UK government support package (£1.5 billion) to '
'stabilize supply chain and operations'],
'threat_actor': 'Scattered Lapsus$ Hunters',
'title': 'Jaguar Land Rover Cyberattack and Data Breach (September 2025)',
'type': ['cyberattack', 'data breach', 'production disruption']}