The Wall Street Journal
By
Dominic Chopping
Follow
Updated Sept. 29, 2025 6:39 am ET
Jaguar Land Rover discovered a cyberattack late last month, forcing the company to shut down its computer systems and halt production.
Jaguar Land Rover will restart some sections of its manufacturing operations in the coming days, as it begins its recovery from a cyberattack that has crippled production for around a month.
“As the controlled, phased restart of our operations continues, we are taking further steps towards our recovery and the return to manufacture of our world‑class vehicles,” the company said in a statement Monday.
The news comes a day after the U.K. government stepped in to provide financial support for the company, underwriting a 1.5 billion-pound ($2.01 billion) loan guarantee in a bid to support the company’s cash reserves and help it pay suppliers.
The loan will be provided by a commercial bank and is backed by the government’s export credit agency. It will be paid back over five years.
“Jaguar Land Rover is an iconic British company which employs tens of thousands of people,” U.K. Treasury Chief Rachel Reeves said in a statement Sunday.
“Today we are protecting thousands of those jobs with up to 1.5 billion pounds in additional private finance, helping them support their supply chain and protect a vital part of the British car industry,” she added.
The U.K. automaker, owned by India’s Tata Motors, discovered a cyberattack late last month, forcing the company to shut down its computer systems and halt production.
The company behind Land Rover, Jaguar and Range Rover models, has been forced to repeatedly extend the production shutdown over the past few weeks as it races to restart systems safely with the help of cybersecurity experts flown in from around the globe, the U.K.’s National Cyber Security Centre and law enforcement.
Last week, the company began a gradual restart of its operations, bringing some IT systems back online. It has informed suppliers and retail partners that sections of its digital network is back up and running, and processing capacity for invoicing has been increased as it works to quickly clear the backlog of payments to suppliers.
JLR has U.K. plants in Solihull and Wolverhampton in the West Midlands, in addition to Halewood in Merseyside. It is one of the U.K.’s largest exporters and a major employer, employing 34,000 directly in its U.K. operations. It also operates the largest supply chain in the U.K. automotive sector, much of it made up of small- and medium-sized enterprises, and employing around 120,000 people, according to the government.
Labor unions had warned that thousands of jobs in the JLR supply chain were at risk due to the disruption and had urged the government to step in with a furlough plan to support them.
U.K. trade union Unite, which represents thousands of workers employed at JLR and throughout its supply chain, said the government’s loan guarantee is an important first step.
“The money provided must now be used to ensure job guarantees and to also protect skills and pay in JLR and its supply chain,” Unite general secretary Sharon Graham said in a statement.
bbc.com 12.09 Theo LeggettBusiness correspondent
The past two weeks have been dreadful for Jaguar Land Rover (JLR), and the crisis at the car maker shows no sign of coming to an end.
A cyber attack, which first came to light on 1 September, forced the manufacturer to shut down its computer systems and close production lines worldwide.
Its factories in Solihull, Halewood, and Wolverhampton are expected to remain idle until at least Wednesday, as the company continues to assess the damage.
JLR is thought to have lost at least £50m so far as a result of the stoppage. But experts say the most serious damage is being done to its network of suppliers, many of whom are small and medium sized businesses.
The government is now facing calls for a furlough scheme to be set up, to prevent widespread job losses.
David Bailey, professor of business economics at Birmingham Business School, told the BBC: "There's anywhere up to a quarter of a million people in the supply chain for Jaguar Land Rover.
"So if there's a knock-on effect from this closure, we could see companies going under and jobs being lost".
Under normal circumstances, JLR would expect to build more than 1,000 vehicles a day, many of them at its UK plants in Solihull and Halewood. Engines are assembled at its Wolverhampton site. The company also has large car factories in China and Slovakia, as well as a smaller facility in India.
JLR said it closed down its IT networks deliberately in order to protect them from damage. However, because its production and parts supply systems are heavily automated, this meant cars simply could not be built.
Sales were also heavily disrupted, though workarounds have since been put in place to allow dealerships to operate.
Initially, the carmaker seemed relatively confident the issue could be resolved quickly.
Nearly two weeks on, it has become abundantly clear that restarting its computer systems has been a far from simple process. It has already admitted that some data may have been seen or stolen, and it has been working with the National Cyber Security Centre to investigate the incident.
Experts say the cost to JLR itself is likely to be between £5m and £10m per day, meaning it has already lost between £50m and £100m. However, the company made a pre-tax profit of £2.5bn in the year to the end of March, which implies it has the financial muscle to weather a crisis that lasts weeks rather than months.
'Some suppliers will go bust'
JLR sits at the top of a pyramid of suppliers, many of whom are highly dependent on the carmaker because it is their main customer.
They include a large number of small and medium-sized firms, which do not have the resources to cope with an extended interruption to their business.
"Some of them will go bust. I would not be at all surprised to see bankruptcies," says Andy Palmer, a one-time senior executive at Nissan and former boss of Aston Martin.
He believes suppliers will have begun cutting their headcount dramatically in order to keep costs down.
Mr Palmer says: "You hold back in the first week or so of a shutdown. You bear those losses.
"But then, you go into the second week, more information becomes available – then you cut hard. So layoffs are either already happening, or are being planned."
A boss at one smaller JLR supplier, who preferred not to be named, confirmed his firm had already laid off 40 people, nearly half of its workforce.
Meanwhile, other companies are continuing to tell their employees to remain at home with the hours they are not working to be "banked", to be offset against holidays or overtime at a later date.
There seems little expectation of a swift return to work.
One employee at a major supplier based in the West Midlands told the BBC they were not expecting to be back on the shop floor until 29 September. Hundreds of staff, they say, had been told to remain at home.
When automotive firms cut back, temporary workers brought in to cover busy periods are usually the first to go.
There is generally a reluctance to get rid of permanent staff, as they often have skills that are difficult to replace. But if cashflow dries up, they may have little choice.
Labour MP Liam Byrne, who chairs the Commons Business and Trade Committee, says this means government help is needed.
"What began in some online systems is now rippling through the supply chain, threatening a cashflow crunch that could turn a short-term shock into long-term harm", he says.
"We cannot afford to see a cornerstone of our advanced manufacturing base weakened by events beyond its control".
The trade union Unite has called for a furlough system to be set up to help automotive suppliers. This would involve the government subsidising workers' pay packets while they are unable to do their jobs, taking the burden off their employers.
"Thousands of these workers in JLR's supply chain now find their jobs are under an immediate threat because of the cyber attack," says Unite general secretary, Sharon Graham.
"Ministers need to act fast and introduce a furlough scheme to ensure that vital jobs and skills are not lost while JLR and its supply chain get back on track."
Business and Trade Minister Chris Bryant said: "We recognise the significant impact this incident has had on JLR and their suppliers, and I know this is a worrying time for those affected.
"I met with the chief executive of JLR yesterday to discuss the impact of the incident. We are also in daily contact with the company and our cyber experts about resolving this issue."
bbc.com Chris VallanceSenior Technology Reporter andTheo Leggett International Business Correspondent 3.09.2025
Staff were sent home and the company shut down its IT systems in an effort to minimise the damage done.
A cyber-attack has "severely disrupted" Jaguar Land Rover (JLR) vehicle production, including at its two main UK plants.
The company, which is owned by India's Tata Motors, said it took immediate action to lessen the impact of the hack and is working quickly to restart operations.
JLR's retail business has also been badly hit at a traditionally a popular time for consumers to take delivery of a new vehicle - but there is no evidence any customer data had been stolen, it said.
The attack began on Sunday as the latest batch of new registration plates became available on Monday, 1 September.
The BBC understands that the attack was detected while in progress, and the company shut down its IT systems in an effort to minimise any damage.
Workers at the company's Halewood plant in Merseyside were told by email early on Monday morning not to come into work while others were sent home, as first reported by the Liverpool Echo.
The BBC understands the attack has also hit JLR's other main UK manufacturing plant at Solihull, with staff there also sent home.
The company said: "We took immediate action to mitigate its impact by proactively shutting down our systems. We are now working at pace to restart our global applications in a controlled manner."
It added: "At this stage there is no evidence any customer data has been stolen but our retail and production activities have been severely disrupted."
It is not yet known who is responsible for the hack, but it follows crippling attacks on prominent UK retail businesses including Marks & Spencer and the Co-op.
In both cases, the hackers sought to extort money.
While JLR's statement makes no mention of a cyber-attack, a separate filing by parent company Tata Motors to the Bombay Stock Exchange referred to an "IT security incidence" causing "global" issues.
The National Crime Agency said: "We are aware of an incident impacting Jaguar Land Rover and are working with partners to better understand its impact."
In 2023, as part of an effort to "accelerate digital transformation across its business", JLR signed a five-year, £800m deal with corporate stablemate Tata Consultancy Services to provide cybersecurity and a range of other IT services.
The halt in production is a fresh blow to the firm which recently revealed a slump in profits attributed to increasing in costs caused by US tariffs.
