JLR prepares to restart production after cyber incident
Words/Images NZ Autocar
Jaguar Land Rover (JLR) is preparing to restart car production in the UK following a major cyber attack. The incident forced operations to halt for a month at its three domestic plants.
The company confirmed that “some sections” of manufacturing will resume in the coming days. Up first is the Wolverhampton facility that restarts on 6 October before operations recommence at other sites.
The restart follows a £1.5b government-backed loan to support JLR’s supply chain. It has been under severe strain during the shutdown. Analysts estimate the company has been losing up to £500m ($NZ1.16b) per week while its production lines remained idle. The loan, announced by Business Secretary Peter Kyle, is intended to help JLR pay suppliers. Many of these are small firms employing around 100,000 people nationwide.
The disruption began when JLR shut down its IT systems after the firm identified a “cyber incident” on 31 August. With production heavily dependent on these systems, operations at Halewood, Solihull, Wolverhampton and overseas plants came to a standstill. Staff were asked to stay at home while the company worked with cybersecurity experts and law enforcement to contain the situation.
JLR launched an in-depth investigation, later confirming that some data may have been affected, though details have not been disclosed. Regulators were notified, and the company has pledged to contact individuals if their information gets into the wrong hands. A spokesperson said efforts to restore global applications are ongoing, with priority given to security and control.
Experts have warned that the attack illustrates the vulnerability of modern auto manufacturing. A single IT system failure can halt production across multiple sites. Dray Agha, senior manager at cybersecurity firm Huntress, highlighted the need for “segmentation”. This is the use of digital firewalls to separate critical production networks from wider business IT systems. This approach could prevent a complete shutdown in future incidents.
The financial toll of the attack adds to existing challenges for JLR. It has already reported a drop in quarterly sales in early 2025, partly due to foreign tariffs introduced by the US government. While it is not clear whether the company will pay any ransom to the attackers, the event is expected to leave a lasting financial impact. It also has raised warnings for other manufacturers about the importance of building resilience into production systems.
