What happens when an automaker gets hacked? The recent Land Rover cyberattack shows us how dangerous hacks into systems can be.
A devastating cyberattack brought Jaguar Land Rover to its knees in September 2025, shutting down production across three countries and putting 200,000 jobs at risk. What started as a routine Monday morning turned into Britain’s most expensive corporate cyberattack, costing millions per day. Here’s how hackers calling themselves “Scattered Lapsus$ Hunters” managed to cripple one of the world’s most recognizable car brands – and why the shutdown keeps getting extended.
The attack caused serious problems
A ransomware attack took place on September 1, creating the largest such hack in 2025. It caused JLR production to shut down, with a restart date that is currently unknown. This attack brings the importance of automotive cybersecurity to the forefront and makes it easy for drivers to claim they don’t trust automated systems in their cars, despite many drivers becoming dependent upon them. Regardless, this Jaguar Land Rover cyberattack means a production stoppage that has a ripple effect on suppliers, auto workers, and dealers across the globe.
A quiet hack turned into a cyberattack
The Land Rover cyberattack was detected at the end of August, with managers of the Halewood, Merseyside factory, telling their industry contacts that there might have been a hack, but they weren’t sure how bad the situation was until the calendar flipped to September. When that happened, things changed, and the factory had to shut down quickly. When managers realized just how serious the cyberattack was, they closed shop to figure out how to solve the problem, but it’s been a little more than three weeks, and the factors across several countries are still shut down for the time being.
The UK government was called in for support
This automotive industry breach has a long-reaching impact on the automotive world, especially in countries where Jaguar Land Rover has factories. The turmoil is being felt across the company’s supply chain, with many reaching out to the UK government for financial support for fear of going bust due to the sudden change in revenue. This single computerized attack impacts more than 200,000 workers across the industry, and not just those working directly for the UK-based automaker.
Solving the problem
The latest Land Rover cyberattack took down nearly every system the automaker uses. This caused factory workers to be put on leave indefinitely, and nearly all computer-based systems are offline. Managers have access to emails, and the company found a workaround to make payments and ship cars to customers, but most other systems are down. The company’s focus has been on keeping current customers happy, but workforce morale is extremely low, with workers unable to go to work and earn a paycheck. Hopefully, that will change very soon as the company continues to figure out how to bring everything back online after this attack that could cost billions in lost revenue.
English-language hackers
The Scattered Spider hackers seem to have been part of this attack. The are known for attacking corporations in the United States only a few years ago. Although some arrests were made in the UK in relation to previous attacks on M&S and Co-op, this new attack seems to have help from two other groups called Lapsus$ and ShinyHunters.
The M&S attack was a ransomware attack, which effectively locks the IT systems. Although JLR didn’t confirm the nature of the attack, it had to close down factories before learning what type of attack they were victims of and how to solve the problem. A person called Rey claimed on a Telegram channel that they had extracted data from JLR earlier this year, which means this person might be the starting point of this attack and its impact on the automaker.
Cashflow could be a problem
JLR has access to about 6 billion pounds in cash, which is enough to cope with the crisis for now, even without the help of its parent conglomerate, Tata. They have set up a help desk for suppliers to answer questions about this Land Rover cyberattack and what to expect. The company hasn’t asked for state support for itself but is trying to gain that support for its supply chain to help cover some of the challenging costs caused by this attack.
What does the Land Rover cyberattack mean for future customers? Will this alert other automakers to create stronger cybersecurity practices?
