The UK’s largest carmaker has announced a further delay to restarting production after suffering a major cyber-attack earlier this month.
Jaguar Land Rover (JLR), which is owned by Indian multinational Tata Motors, made the announcement on its website.
“Today we have informed colleagues, suppliers and partners that we have extended the current pause in production until Wednesday 1 October 2025, following the cyber incident,” it revealed.
“We have made this decision to give clarity for the coming week as we build the timeline for the phased restart of our operations and continue our investigation.”
The carmaker added that it remained focused on “supporting our customers, suppliers, colleagues, and our retailers.”
However, unions have called for a government-backed furlough scheme after reports that some suppliers are facing bankruptcy.
Read more on JLR: JLR Extends Production Halt After Cyber-Attack.
The business secretary is set to meet JLR and supply chain workers today as concerns mount about the livelihoods of the 200,000 or so employees that work across hundreds of these suppliers. In many cases, JLR is their biggest client, meaning cascading job losses and closures are almost inevitable.
“Our teams continue to work around the clock alongside cybersecurity specialists, the NCSC and law enforcement to ensure we restart in a safe and secure manner,” JLR continued in its statement.
“We fully recognize this is a difficult time for all connected with JLR and we thank everyone for their continued support and patience.”
With the firm’s Solihull, Halewood and Wolverhampton plants still closed, JLR has already lost an estimated £120m in profits ($161.9m) and £1.7bn in revenue ($2.29bn). The latest extension to its production outage will mean the firm hasn’t produced any vehicles for a month.
‘Scattered Lapsus$ Hunters’ Claimed Responsibility
The self-styled ‘Scattered Lapsus$ Hunters’ group has claimed responsibility for the breach, having posted screenshots on Telegram of assets on JLR’s internal network.
However, the group’s method of initial access is still unconfirmed, although some reports claim exploitation of an SAP NetWeaver vulnerability. A critical vulnerability in the SAP software was patched by the vendor in April, and has been exploited by ransomware groups.
“To mitigate these risks, organizations should regularly test and update their business continuity and incident response plans, strengthen supply chain risk assessments, and adopt Zero Trust principles to limit attacker movement,” argued James McQuiggan, CISO advisor at KnowBe4.
“Just as important is addressing human risk, as social engineering remains the leading entry point for attackers. Ongoing security awareness, phishing simulations, and behavior analysis of users in a human risk management program help users recognize and resist malicious tactics.”
Photo credits: Tada Images / Yauhen_D / Shutterstock.com
