The Jaguar Land Rover cyberattack is a supply chain attack aimed at Jaguar Land Rover. [1] [2] [3]
The attack began on 31 August 2025. [1] Jaguar Land Rover paused production on 1 September 2025, and by 22 September it had caused production lines at Jaguar Land Rover to cease all production for three weeks, with staff told to stay at home. [2] [4]
Initially, the production systems were to be restarted on 24 September, but on 23 September 2025, Jaguar Land Rover announced the pause on production would continue until 1 October. [2] [3]
The Department for Business and Trade and Society of Motor Manufacturers and Traders issued a joint statement in which they said the attack had a significant effect on Jaguar Land Rover and the broader supply chain for car manufacturers. [5]
MP Liam Byrne described the attack as a "digital siege" that is seeing supply chain workers "laid off in their hundreds". [4] He also said that "We fear if the government doesn't step up soon, people will be laid off in their thousands." [4]
Unite has said that supply chain staff have been advised to apply for Universal Credit. [4] [6]
Jamie MacColl, a researcher at Royal United Services Institute, said "It seems unprecedented in the UK to have that level of disruption because of a cyberattack or ransomware attack" and that thousands of jobs could be put at risk is "a different order of magnitude". [2]
Jaguar Land Rover has not revealed the impact on the company, but a criminal investigation has begun. [4]
Jaguar Land Rover said that they have delayed restarting production as a "forensic investigation" is in progress. [4]
The attack is believed to be costing the company ₤50 million a week. [4] [2]
Shortly after the attack, a groups calling itself Scattered Lapsus$ Hunters on Telegram claimed responsibility for the attack. [2] This suggested collarboration between Scattered Spider, Lapsus$ and ShinyHunters, three English-speaking cybercrime groups. [2]