Jaguar Land Rover Resumes Production Following Month-Long Cyber Attack Disruption

Production Restart Underway

Jaguar Land Rover (JLR), the British luxury automaker, has initiated a phased resumption of its manufacturing operations, more than a month after a significant cyber attack crippled its IT systems on September 1, 2025. The disruption led to a widespread shutdown of production lines across its global facilities, including those in the United Kingdom, Slovakia, Brazil, and India.

The restart commenced on October 8, 2025, with the engine plant in Wolverhampton and battery plants in the West Midlands leading the way. Stamping operations at Castle Bromwich, Solihull, and Halewood also resumed. Vehicle production in Nitra, Slovakia, and the Range Rover and Range Rover Sport (MLA) lines in Solihull were slated to follow shortly thereafter. Adrian Mardell, JLR's Chief Executive Officer, remarked, 'This week marks an important moment for JLR and all our stakeholders as we now restart our manufacturing operations following the cyber incident.'

Significant Financial and Supply Chain Impact

The cyber attack inflicted substantial financial damage on JLR and its extensive supply chain. Estimates suggest a revenue loss of approximately ₹1.5 lakh crore, equivalent to about £1.5 billion. The company experienced a nearly 25% drop in sales volume over the three months ending September 2025, with wholesales in Q2 FY2026 falling by 24.2% year-on-year to 66,165 units. The incident was reportedly costing JLR as much as £50 million per week.

The disruption extended far beyond JLR's direct operations, severely impacting its supply chain. Over 75% of businesses in the West Midlands reported negative effects, with many facing acute cash flow pressures and some resorting to reduced staff hours. To mitigate the crisis, the UK government provided a £1.5 billion loan guarantee to support JLR and its affected suppliers.

Nature of the Attack and Recovery Efforts

While JLR has not disclosed the full details of the cyber attack, it is widely presumed to be a ransomware assault. The hacking collective known as Scattered Spider was mentioned in connection with the incident, with speculation of links to previous attacks on other British retailers.

In response, JLR took immediate action to shut down its systems and engaged a team of cybersecurity specialists, alongside the UK Government's National Cyber Security Centre (NCSC) and law enforcement agencies, to manage the incident and secure its systems. The company also introduced a new financing scheme to provide qualifying suppliers with upfront cash, aiming to alleviate financial strain and ensure a smoother return to full production.

Looking Ahead

The phased restart signifies a critical step in JLR's recovery process. While initial operations have resumed at key facilities, the company acknowledges that a full return to pre-attack production levels will take time. The incident has highlighted the vulnerabilities of interconnected industrial systems to cyber threats and the far-reaching economic consequences such attacks can have on complex supply chains.