Currently reading: Production at all JLR plants now back online following cyber attack

Range Rover Evoque and Land Rover Discovery Sport lines at Halewood are the last to restart

All JLR production lines are now back up and running more than six weeks after a cyber attack that incapacitated its global operations.

On Thursday, production lines at its Halewood plant – which builds the Range Rover Evoque and Land Rover Discovery Sport – restarted for the first time since the 1 September attack.

Work to transform the plant as part of a £500 million project to produce JLR's incoming EVs has also restarted.

This follows Land Rover Defender and Discovery lines at Nitra, Slovakia, as well as Range Rover and Range Rover Sport lines at Solihull, which came back online last week.

Initial production output is understood to be limited, given that JLR has referred to the resumption of operations as a “controlled, phased restart”.

Operations at the Wolverhampton engine plant, Birmingham battery centre and Solihull body and paint shop are now all back up and running, as are stamping operations in Castle Bromwich, Halewood and Solihull.

A statement regarding the restart at Halewood read: “This is another important moment for JLR, for our suppliers and our people. 

“We’re all super-proud of the resilience of our people and their energy to get back to doing what they do best – building world-class British luxury vehicles for our global clients.”

The cyber attack on 1 September brought all factories to a halt and incapacitated JLR, forcing it to shut down its internal computer systems in an effort to protect data from being stolen.

This resulted in production shutdowns at all of its global plants, created issues with parts ordering and stifled retailers.

The consequences of the cyber attack are estimated to have cost JLR a £1.5 billion drop in revenue.

Figures released by the firm last week show that, in the three-month period including the September shutdown, sales to dealers plummeted by nearly a quarter to 66,165.

That represents a loss of 21,138 cars compared with the same period in 2024.

“It has been a challenging quarter for JLR,” outgoing CEO Adrian Mardell said in a statement. However, he said that sales in July and August had been “in line with our expectations” before the cyber attack.

Back to top

JLR will present its second-quarter financial report in November.

Government to underwrite £1.5bn JLR loan

The UK government said it will guarantee a £1.5 billion loan to JLR, to help it support suppliers who have been hit by the production shutdown.

The loan to the Tata-owned car maker will be issued by a commercial bank but will be underwritten by the UK government.

As well as costing JLR an estimated £50 million a week, the cyber attack has badly hit JLR's suppliers. 

It's estimated that around 150,000 people are employed by some 700 British firms that supply JLR, and the UK government had been investigating ways to support them, such as a furlough scheme or loans.

It will instead underwrite a single loan to JLR through the Export Development Guarantee (EDG), with JLR repaying the money over a period of five years. 

Business secretary Peter Kyle said on 27 September that the loan guarantee "will help support the supply chain and protect skilled jobs in the West Midlands, Merseyside and throughout the UK".

Chancellor Rachel Reeves added that the loan would help JLR "support their supply chain and protect a vital part of the British car industry".

Back to top

JLR hack: what happened?

Autocar first reported issues affecting JLR on 1 September, when dealers couldn't register new cars on 'new plate day', traditionally one of the year's busiest for registrations.

In an effort to combat the hack, JLR began “shutting down" its systems on 2 September. It has not produced any cars globally since, leading to millions of pounds of lost income.

The extent of the issues meant JLR brought police and cybersecurity experts in to “restart our global applications in a controlled and safe manner”.

During this process, which included an investigation, it was discovered that "some data" was "affected", according to JLR. Those affected will be contacted, the firm said.

It's not officially known what data was taken or if a ransom demand has been made, but it is thought it most likely involves customer data, given the involvement of the police.

Who has claimed responsibility for JLR hack?

On 3 September, a group of hackers calling themselves Scattered Lapsus$ Hunters claimed responsibility for the attack on JLR.

This is the same group that hacked Marks & Spencer in May, causing the British retailer seven weeks of disruption and costing £300 million in lost operating profit.

Back to top

It claimed to have obtained JLR customer data after exploiting a similar flaw in the car maker's IT system. The claim was made on a Telegram messenger group, where a user linked to the hackers posted a screenshot of what appeared to show JLR's internal system.

A member of the group revealled that a well-known flaw in SAP Netweaver, a third-party software used by JLR, was exploited to access the data.

The US's Cybersecurity and Infrastructure Security Agency warned about the flaw earlier this year. An update for the software was released, but whether JLR applied it is unknown.

It's also not known what data was taken or if a ransom demand has been made of JLR.

Join our WhatsApp community and be the first to read about the latest news and reviews wowing the car world. Our community is the best, easiest and most direct place to tap into the minds of Autocar, and if you join you’ll also be treated to unique WhatsApp content. You can leave at any time after joining - check our full privacy policy here.

Will Rimell

Will Rimell Autocar
Title: News editor

Will is Autocar's news editor.​ His focus is on setting Autocar's news agenda, interviewing top executives, reporting from car launches, and unearthing exclusives.

As part of his role, he also manages Autocar Business – the brand's B2B platform – and Haymarket's aftermarket publication CAT.

Join the debate

Comments
102
Add a comment…
normanmeg 22 October 2025

I invested $86,000 worth of USDT into a stock market trading app, believing it to be a legitimate opportunity for me to make profit. It wasn’t until later that I discovered it was a Ponzi scheme. As a full-time investor, I was devastated by the loss and felt immense regret for trusting the marketing admin with my hard earned money. While grappling with the aftermath, I came across Reviews of jamesmckaywizard on GOOGLE while i was looking for ways to recover my stolen funds back. After researching, I found them to be a genuine and trustworthy crypto recovery team. I reached out to them, and they promptly guided me through the entire process via their email. Thanks to their expertise and dedication, my USDT was fully recovered. I highly recommend their Service to anyone seeking assistance in recovering their crypto or money lost to anyone online due to false pretense or whatsoever via Email: jamesmckaywizard at gmail dot com or what 'Sapp +31- 65-74-46-24-8.

marcuskoss9 20 October 2025

I’m retired, and like many people my age, I wanted to find a way to make my savings last longer and maybe grow a little. I’d heard so much about Bitcoin and how it was the future, so when I came across an ‘investment opportunity’ that looked professional and trustworthy, I thought I’d give it a try. At first, everything seemed fine. The account they set up for me showed profits increasing, and they even allowed me to make a small withdrawal in the beginning. That made me feel confident, so I invested more of my retirement funds. But when I tried to take out a larger amount, everything went silent. Suddenly, I couldn’t log in, and my emails went unanswered. That’s when I realized I had been scammed. The feeling was devastating. This wasn’t just money, it was part of the savings I had worked my entire life for. I felt foolish, embarrassed, and very alone. Every article I read said the same thing: once Bitcoin is gone, it can’t be recovered. I thought I had to accept the loss and move on, even though it weighed heavily on me. Then I learned about GRAYWARE TECH SERVICE. At first, I was hesitant, after being scammed once, I wasn’t sure I could trust anyone again. But from the very first conversation, they treated me with kindness and respect. They didn’t make me feel judged, and they explained the process in a way I could understand. I gave them all the details I had, transaction IDs, wallet addresses, and emails from the scammers. They went to work right away and kept me updated every step of the way. Weeks later, they achieved what I thought was impossible: they recovered a significant portion of my stolen Bitcoin and returned it to me safely. I cannot describe the relief I felt. Knowing that I hadn’t completely lost those funds gave me back peace of mind and restored some of the security I need in retirement. I will forever be grateful to GRAYWARE TECH SERVICE. They gave me back not only my money but also my confidence. If you’ve been scammed, no matter your age, please don’t give up hope. I thought I had lost everything for good, but recovery is possible, and I’m proof of it.You can reach them on whatsapp+18582759508 web at ( https://graywaretechservice.com/ )    also on Mail: (contact@graywaretechservice.com

Robert6666 20 October 2025
I was amazed when I got to see all of my partner's text messages, calls, and chats directly from my phone. For a long while now, I've been having trust issues with my wife, so I came on here in search for help on how to spy on her and after going through several reviews about the Zattechhacker @ gmail com, I immediately mailed for help, surprisingly, after few hours, they delivered without any glitch. Simply the best you can come across.