Jaguar Land Rover has given an extension of its production until October 1, 2025, after a complex cyberattack that caused its production to be halted in all of its manufacturing plants in the UK. The three key assembly plants of the Tata-owned automaker, located in Solihull, Castle Bromwich, and Halewood, are offline, with cybersecurity experts collaborating with the National Cyber Security Centre to determine the intrusion.
Production halt extends as cyber investigation deepens
Britain’s largest car manufacturer, Jaguar Land Rover (JLR), faces a prolonged shutdown of its global operations after the company announced an extension of the current closure, which began on 31 August, to at least 1 October, according to Sky News. The extension will cost JLR tens of millions of pounds a day in lost revenue, raise major concerns about companies and jobs in the supply chain, and raise further questions about the vulnerability of the UK industry to cyber assaults.
The company “clearly hasn’t resolved the problem” of the attack on its IT systems, “because the factory hasn’t restarted”, industry minister Chris McDonald said. A spokesperson said of the move: “We have made this decision to give clarity for the coming week as we build the timeline for the phased restart of our operations and continue our investigation. Our teams continue to work around the clock alongside cybersecurity specialists, the NCSC, and law enforcement to ensure we restart safely and securely.”
Zero-day vulnerability exploited in sophisticated breach
The preliminary forensics show that the threat actors exploited a zero-day vulnerability in a third-party remote access tool and were able to establish a presence in critical systems before the lateral movement occurred, as per Cyber Press. Although JLR has not reported a customer data breach, company engineers have noticed abnormal traffic behavior, which is in line with data-exfiltration actions.
Supply chain faces mounting pressure amid prolonged closure
More than 33,000 people work directly for JLR in the UK, many of them employed on assembly lines in the West Midlands, the largest of which is in Solihull, and a plant at Halewood on Merseyside. An estimated 200,000 more are employed by several hundred companies in the supply chain, who face a prolonged interruption to trade with what for many will be their largest client.
The “just-in-time” nature of automotive production means that many had little choice but to shut down immediately after JLR announced its closure, and no incentive to resume until it is clear when it will be back in production. Industry sources estimate that around 25% of suppliers have already taken steps to pause production and lay off workers, many of them byย “banking hours” they will have to work in the future. The government has faced calls from unions to introduce a furlough-style scheme to protect jobs in the supply chain, but with JLR generating profits of ยฃ2.2bn last year, the company will face pressure to support its suppliers.
Cybersecurity concerns highlight industry vulnerabilities
According to no information given by the Indian-owned conglomerate Tata, which owns JLR, it was assumed to be a ransomware attack like the ones that crippled Marks and Spencer and the Co-Op earlier this year. Besides halting production on vehicles, dealers have been unable to issue vehicles or obtain spares, not to mention diagnostic software to analyse specific vehicles.
The extended JLR shutdown underscores the growing vulnerability of modern manufacturing to sophisticated cyberattacks. As investigators work on the case and recovery operations continue, the incident is an excellent lesson on how digital dependencies can bring entire industrial ecosystems to a halt. The automotive industry now has to strike a balance between the efficiency of operations and the efficiency of cybersecurity measures against the future impacts that can destabilize the economic condition and national security interests.