Jaguar Land Rover (JLR) has been grappling with a major cyber-attack since the end of August/first days of September 2025, a breach that forced the manufacturer to take large parts of its global IT estate offline and suspend production while a forensic investigation takes place.
The company first acknowledged the incident in a statement published on 2 September, saying it had “taken immediate action to mitigate its impact by proactively shutting down our systems” and that it was “working at pace to restart our global applications in a controlled manner.”
The shutdown has not been short. JLR halted key systems at the end of August and by mid-September the factory stoppage had stretched into its third week, with the company saying production disruptions would continue until at least 24 September. The prolonged pause has affected tens of thousands of workers and dealers worldwide as retail and manufacturing activities remain severely disrupted while engineers and external forensic teams investigate.
Image: Jaguar Land Rover
Quantifying the financial hit is still imprecise, but analysts and reporters have offered widely differing estimates. JLR itself has not published a firm cost figure; independent coverage has put daily losses in a broad range. Car and Driver reported an estimate of roughly $6.8m (around £5–6m) per day based on typical output figures, while other outlets have cited much larger numbers.
The Guardian reported an estimated loss of about £72m per day, using broader assumptions about knock-on supply and sales impacts. Taken together, the coverage suggests JLR’s losses already run into many tens of millions of pounds and could reach into the low hundreds of millions if the outage and recovery drag on.
Beyond lost production, the incident has become materially more serious because JLR has confirmed that “some data has been affected” and that it is informing the relevant regulators as its forensic work continues.
Earlier in the response the firm had said there was “no evidence any customer data has been stolen,” but later updates noted the investigation’s findings had evolved and that the company would contact “anyone as appropriate if we find that their data has been impacted.” The National Cyber Security Centre (NCSC) said it was providing support to JLR as the incident unfolded.
Operationally, JLR has described recovery as a controlled, phased process. The company is rebuilding and restarting global applications “in a controlled manner”, coordinating forensic analysis with third-party specialists, and working with government cyber bodies.
That staged approach aims to limit the risk of re-infection or secondary failures in complex, interconnected manufacturing and retail systems — but it also slows the pace at which normal production and dealer services can resume. JLR has apologised for the disruption and said it will continue to update stakeholders as the investigation progresses.
The wider industry and supply chain have been affected too. Unite and other groups have warned of the impact on jobs and suppliers, while dealers and logistics partners have reported problems accessing ordering and tracking systems. Reports about uncertainty over the location of completed vehicles circulated in the press; JLR publicly denied that it had “lost track” of cars, saying it “has full visibility and control of vehicles through tracking processes from the factory to market.” Whether all downstream operational issues are resolved remains a core question for the recovery phase.
What happens next will depend on the speed and thoroughness of the forensic and remediation work, the nature of any data compromise, and how quickly JLR can re-test and safely restart critical IT and operational systems.
For now, the immediate priorities declared by the company — contain, investigate, remediate and notify where required — look typical for a serious enterprise incident, but the visible effects on production, dealer services and the balance sheet underline how materially vulnerable a modern, software-dependent manufacturer can be to cyber disruption.
