Jaguar Land Rover cyberattack


The Jaguar Land Rover cyberattack is a 2025 cyberattack aimed at the British automotive manufacturer Jaguar Land Rover. It is believed to be the most damaging cyberattack in British history, with an estimated eventual total damage to the British economy of £1.9 billion.

Attack

The attack began on 31 August 2025. Jaguar Land Rover paused production on 1 September 2025, and by 22 September the attack had halted all of the company's production lines for three weeks, with staff told to stay at home.
Initially, the production systems were to be restarted on 24 September, but on 23 September 2025, Jaguar Land Rover announced the pause on production would continue until 1 October.

Impact

The Department for Business and Trade and the Society of Motor Manufacturers and Traders issued a joint statement in which they said the attack had a significant effect on Jaguar Land Rover and the broader supply chain for car manufacturers.
MP Liam Byrne described the attack as a "digital siege" that is seeing supply chain workers "laid off in their hundreds". He also said, "We fear if the government doesn't step up soon, people will be laid off in their thousands."
Unite has said that supply chain staff have been advised to apply for Universal Credit.
Jamie MacColl, a researcher at the Royal United Services Institute, said, "It seems unprecedented in the UK to have that level of disruption because of a cyberattack or ransomware attack", and that thousands of jobs being put at risk is "a different order of magnitude".
Jaguar Land Rover has not revealed the impact on the company, but a criminal investigation has begun.
Jaguar Land Rover said that it had delayed restarting production because a "forensic investigation" was in progress. The cost to the company is estimated at £50 million per week.
As of 22 October, JLR was slowly restarting parts of its production processes.
On 7 November, the Bank of England said that the cyberattack was one reason for slower GDP growth, with weaker exports to the United States as the other.

Attackers

Shortly after the attack, a group calling itself Scattered Lapsus$ Hunters on Telegram claimed responsibility for the attack. This suggested collaboration between Scattered Spider, Lapsus$ and ShinyHunters, three English-speaking cybercrime groups.