Full story
JLR attack halts production
Hackers linked to Russia disrupted Jaguar Land Rover’s systems and forced the automaker to take its systems offline, with the attack beginning on Aug. 31, 2025 and halting production across factories in Britain, Brazil, China, India and Slovakia.
“Cyberwarfare / Nation-State Attacks,Fraud Management & Cybercrime,Governance & Risk Management Suggestions that Russian attackers disrupted British automotive giant Jaguar Land Rover raise the question of how the British government might respond, especially if it confirms Kremlin involvement”
The disruption lasted until operations resumed in October 2025, but production levels did not return to normal until the following month, and the incident cost Jaguar Land Rover $260 million while taking an estimated $2.5 billion bite out of the British economy.

A separate report tied the same incident to a five-week production suspension, saying the shutdown “forced the leading British automaker to lock down its computer networks and completely stop production for five weeks.”
In the days after the breach, Microsoft alerted Jaguar Land Rover that a Russian group it was tracking appeared to be behind the attack, and The New York Times reported the attribution while citing anonymous sources.
Attribution debate and warnings
Ian Thornton-Trump, CISO of cybersecurity firm Inversion6, said, “I'm not surprised that Russia will find innovative ways of making life difficult for the government,” framing the incident as part of Russian “gray zone” tactics.
Cybercrime expert Alan Woodward, a visiting professor at England's University of Surrey, said the U.K. government’s response may be to “warn the public and, more importantly, critical business and infrastructure providers that it is a real and present danger.”

House Intelligence Committee member Raja Krishnamoorthi warned that the Russian cyberattack on Jaguar Land Rover is “exactly the kind of threat we should be preparing for,” adding that if Russian hackers can inflict “billions of dollars in economic damage” on a close ally, they may target American companies and critical infrastructure.
The reporting also described uncertainty about whether the Russian attackers acted directly for Vladimir Putin’s government or used cybercriminals as proxies, noting that experts warned it is “all too easy for attackers to leave false flags.”
Economic stakes and next steps
The incident’s economic impact was described as severe enough that the U.K. government backed a £1.5 billion loan guarantee to support Jaguar Land Rover’s supply chain and protect jobs across its supplier network.
“Jaguar Land Rover ha annunciato un ulteriore prolungamento della pausa produttiva di un’altra settimana, in risposta all’attacco informatico subito all’inizio di settembre”
The Manufacturer reported that around 800 computer systems were knocked offline, leaving the company unable to manufacture vehicles and throwing its 200,000-strong global supply chain into uncertainty, while also saying the disruption forced shifts at main UK manufacturing sites in Halewood and Solihull during the crucial 75-plate registration period.
Wired described a prolonged stoppage, saying production lines were “ferme” for “oltre tre settimane,” with JLR’s stop extended to at least “mercoledì primo ottobre 2025,” and it quoted the company saying teams were working “24 ore su 24” with specialists at the “Centro nazionale per la sicurezza informatica” and law enforcement.
In the same account, the article said JLR confirmed it had “colpita” by an “attacco informatico” and that “alcuni dati” were “compromessi,” while it noted that a Telegram group called Scattered Lapsus$ Hunters claimed responsibility shortly after the attack.




