Jaguar Land Rover (JLR) has confirmed that the cyberattack, which halted its operations, has also led to data theft, affecting everything from vehicle production to supplier access. What began as an IT outage has quickly escalated into a global supply chain challenge.
Since 31 August, JLR’s key manufacturing sites in Solihull (Birmingham), Halewood and Wolverhampton have been shut down. Thousands of workers have been sent home, with no clear return date. Internal systems remain paralysed, impacting vehicle production, supplier management and even routine operations across the business.
The disruption isn’t limited to factories. Vehicle registrations have stalled at dealerships, preventing customers from collecting new cars during one of the busiest sales periods of the year. The shutdown has also caused a ripple effect across JLR’s dealer network, stopping deliveries and routine servicing.
Financially, the cost of the incident is estimated to be around £5m per day. With JLR usually generating around £75m in daily revenue, even short-term disruption is proving extremely expensive.
Suppliers are heavily affected too. With digital systems offline, they can’t order parts, track shipments or process invoices. Many rely on direct access to JLR’s infrastructure, which remains down, leaving production schedules in chaos across the wider supply chain.
JLR has confirmed that internal data has been stolen in the attack. While the company has not disclosed the type or volume of information involved, regulators have been alerted, and individuals directly impacted will be notified. The Information Commissioner’s Office (ICO) is now monitoring the situation closely.
If customer or employee information is part of the stolen data, JLR could face not just financial penalties but also significant reputational damage.
Although JLR has not confirmed who is responsible, cybercriminal groups such as Scattered Spider, Lapsus$ and ShinyHunters are being linked to the incident. These groups have a history of targeting large firms, stealing data and leveraging ransomware.
Screenshots from JLR’s internal IT systems have already appeared online, suggesting attackers are making their presence known.
The incident highlights a growing risk for the automotive industry. Modern manufacturers rely on complex, interconnected digital systems that stretch across global suppliers, dealerships and service providers. When these systems are compromised, the impact goes far beyond a single company.
JLR now faces the challenge of restoring trust with customers, suppliers and partners while regaining full control of its IT environment.
We hope you’ve liked this blog. Stay tuned for more blogs like this. Stay safe!
