Jaguar Land Rover Extends Production Halt Until September 24 Amid Cyberattack Investigation

Jaguar Land Rover (JLR), the iconic British automotive manufacturer owned by India’s Tata Motors, has announced an extension of its production shutdown until Wednesday, September 24, 2025, as it continues a forensic investigation into a major cyber incident that disrupted its global operations. The company confirmed the decision in a statement to employees, suppliers, and partners, citing the need for a controlled and secure restart of its systems.

 

The cyberattack, first detected on August 31, has crippled JLR’s IT infrastructure, forcing the automaker to halt vehicle production across its key UK facilities—including Halewood, Solihull, and Wolverhampton—as well as international sites in Slovakia, China, and India. The company is working with third-party cybersecurity experts and law enforcement agencies to contain the breach and restore operations.

 

A Global Disruption with Local Consequences

Under normal conditions, JLR produces approximately 1,000 vehicles per day, meaning the extended shutdown has already resulted in a significant loss of output. The ripple effects have reached deep into JLR’s supply chain, with several suppliers—including Evtec, WHS Plastics, SurTec, and OPmobility—reportedly laying off thousands of workers temporarily due to paused production orders.

 

Dealerships were also impacted, initially unable to register new vehicles or order essential parts. Although temporary workarounds have been implemented, the timing of the attack—coinciding with the release of new registration plates on September 1, a peak period for car sales—has compounded the disruption.

 

Forensic Investigation Underway

JLR has stated that the decision to extend the production pause was made as part of its ongoing forensic investigation, which aims to identify the source and scope of the breach. The company emphasized that it is considering different stages of a controlled restart to ensure the integrity of its systems before resuming full-scale operations.

 

While JLR has not officially confirmed the identity of the attackers, a group of young, English-speaking hackers has claimed responsibility via the messaging platform Telegram. The same group is believed to have targeted UK retailer M&S earlier this year. Cybersecurity experts reviewing screenshots shared by the hackers suggest they may have gained access to sensitive company data and are attempting to extort money from JLR.

 

Strategic Response and Employee Support

Despite the shutdown, JLR has continued to pay its 34,000 UK-based employees, many of whom have been instructed to remain at home. The company has also kept open lines of communication with suppliers and partners, assuring them that efforts are underway to restore operations as quickly and safely as possible.

 

The Business and Trade Committee of the UK Parliament has stepped in, urging the Chancellor to consider emergency financial support for affected suppliers. Lawmakers warn that the disruption could pose “very significant risks to cash flow” and long-term commercial viability for small and medium-sized automotive manufacturers.

 

What’s Next for JLR?

As the investigation continues, JLR is expected to:

The incident underscores the growing threat of financially motivated cyberattacks targeting industrial giants. It also highlights the need for robust digital defenses in an increasingly connected automotive ecosystem.

 

While JLR has reassured stakeholders that no customer data has been compromised, the full impact of the breach—both operational and reputational—will likely unfold over the coming weeks.

 

Sources: Cyber Security News, JLR Media Newsroom, Sky News