JLR hit hard by cyber attack

No new Land Rovers have been manufactured since a cyber attack at JLR on 1 September. The firm is losing upwards of £5m per day. 

It has been almost three weeks since JLR suffered a significant cyber attack and it still cannot build any vehicles at any of its global facilities. There are concerns its supply chain could go under.

The firm is still busy rebuilding its computer systems. Evidently the same group that targeted Marks & Spencer this year was responsible. Customer details may have been stolen.

How long it takes to resolve the problem isn’t clear.

Industry commentators are saying there is a very real chance of downstream bankruptcies. It is likely that suppliers are now laying off staff just to survive.

Industry insiders are asking the government to set up a scheme like that used during the Covid pandemic. This would mean central government will subsidise workers’ pay while firms are idled by such hacks.

The issue at JLR first came to light on 1 September when dealers couldn’t register new cars. The next day JLR began shutting down its systems which it is now rebuilding, though no timeframe for the fix is available. 

JLR has brought in police and cybersecurity experts to assist in the restart. Evidently some data were lost in the hack, though the extent of the loss is unclear. Whether or not a ransom was involved is also unknown. 

The hackers say they have obtained customer data after exploiting a similar flaw in JLR’s IT system to that in the Marks & Spencer system. 

The US’s Cybersecurity and Infrastructure Security Agency warned about the flaw earlier this year. The software firm issued an update but whether JLR applied it is unclear.