Jaguar Land Rover cyberattack

The Jaguar Land Rover cyberattack is a supply chain attack^{[dubious – discuss]} aimed at Jaguar Land Rover.^[1][2][3]

The attack began on 31 August 2025.^[1] Jaguar Land Rover paused production on 1 September 2025, and by 22 September it had caused production lines at Jaguar Land Rover to cease all production for three weeks, with staff told to stay at home.^[2][4]

Initially, the production systems were to be restarted on 24 September, but on 23 September 2025, Jaguar Land Rover announced the pause on production would continue until 1 October.^[2][3]

The Department for Business and Trade and Society of Motor Manufacturers and Traders issued a joint statement in which they said the attack had a significant effect on Jaguar Land Rover and the broader supply chain for car manufacturers.^[5]

MP Liam Byrne described the attack as a "digital siege" that is seeing supply chain workers "laid off in their hundreds".^[4] He also said that "We fear if the government doesn't step up soon, people will be laid off in their thousands."^[4]

Unite has said that supply chain staff have been advised to apply for Universal Credit.^[4][6]

Jamie MacColl, a researcher at Royal United Services Institute, said "It seems unprecedented in the UK to have that level of disruption because of a cyberattack or ransomware attack" and that thousands of jobs could be put at risk is "a different order of magnitude".^[2]

Jaguar Land Rover has not revealed the impact on the company, but a criminal investigation has begun.^[4]

Jaguar Land Rover said that they have delayed restarting production as a "forensic investigation" is in progress.^[4]

The attack is believed to be costing the company ₤50 million a week.^[4][2]

Shortly after the attack, a groups calling itself Scattered Lapsus$ Hunters on Telegram claimed responsibility for the attack.^[2] This suggested collarboration between Scattered Spider, Lapsus$ and ShinyHunters, three English-speaking cybercrime groups.^[2]