JLR extends production shutdown following cyberattack
JLR has been forced to extend the shutdown of global operations following a cyberattack on August 31 that affected its production and retail operations.
On September 2 the carmaker was forced to take global systems offline after it discovered the cyberattack. JLR’s UK operations including vehicle plants at Halewood and Solihull, its Wolverhampton engine facility and its Castle Bromwich parts plant, along with production facilities in Slovakia, China and India, have all been affected.
A group calling itself Scattered Lapsus$ Hunters claimed responsibility for the hack. The same group has been behind a number of other high-profile attacks on retailers this year, including Marks & Spencer and Co-op. According to Techzine, the group published screenshots of an internal SAP system at JLR and also claimed to have deployed ransomware on compromised servers.
While JLR said there was no evidence of customer data being compromised, operations have been affected and systems are being restored “in a controlled manner”.
Extended shutdown
Advertisement
This week JLR said it had extended its production halt until 24 September. “We have taken this decision as our forensic investigation of the cyber incident continues, and as we consider the different stages of the controlled restart of our global operations, which will take time,” said the company in a statement.
The shutdown is reported to have cost JLR around $1 billion in revenue so far and is having a damaging impact on its suppliers who cannot dispatch parts or receive schedules, which is stopping operations across the supply chain.
The attack also comes during the September vehicle registration period and is disrupting the distribution of new vehicles and the dealerships trying to register them.
The financial impact comes after JLR reported a halving of profit in the second quarter of the year, in part because of the impact of US tariffs.
The carmaker said that wholesale volumes and revenues in the quarter were impacted by the 27.5% tariffs on vehicles and parts, but that the UK’s recent trade agreement with the US was a positive move that would “reduce the significant financial impact of US tariffs going forward”.
Industry 4.0 operations
Though it has not revealed exactly what was breached, JLR is now focused on upgrading its digital systems to make them more resilient. It has already been working hard over the last few years to transform manufacturing and supply chain operations up to an Industry 4.0 standard of efficiency and connectivity. Under the direction of Paulina Chmielarz, industrial operations digital and innovation director at JLR, the carmaker has been working to promote greater cross-functional collaboration between supply chain, procurement and manufacturing within JLR. It is ensuring teams are fully aligned in the shared use of good quality data, including an end-to-end view of the bill of materials (BOM) from engineering through to logistics and aftermarket.
At last year’s Automotive Logistics and Supply Chain Digital Strategies Europe conference, Simon Inskip, director of supply chain digital and innovation at JLR, counted compliance, climate and the switch to electric vehicles as three areas fraught with risk from potential threats. Being found to be non-compliant with regulation can impact a company’s ability to trade and that is a risk that JLR definitely has a containment strategy around, according to Inskip.
JLR has processes around data-fed risk detection, which Inskip described as a sensing platform but he said then that JLR had to move fast on its risk-sensing capability and was looking for greater data granularity and substance from its platform which required greater accuracy of input data.
Manufacturing a cyber target
In IBM X Force’s 2025 Threat Index Report manufacturing was identified as the number one industry targeted by cyberattacks for the last four years. The report said that manufacturers continued to experience significant impacts from attacks, including extortion (29%) and data theft (24%), targeting financial assets and intellectual property. Manufacturing was found to have had highest number of ransomware cases in 2024 as attackers continue to exploit outdated legacy technology in this industry.
The authors of the report said that data breaches are often only the start of larger and more coordinated campaigns and that cyber criminals were adopting generative AI as a new tool to attack companies with.
“AI and automated solutions can magnify the impact of infostealers, expedite the fabrication of credentials, and make it easier to amplify the speed and scale of intrusions at lower cost,” said the report.
