Currently reading: JLR delays production restart to 1 October after cyber attack

Company pushes back production restart by another week, extending pause to a whole month

JLR has extended its vehicle production pause by another week, as it continues to grapple with the impact of a cyber attack earlier this month, and now plans to start building cars again on 1 October.

The company had planned to restart production at its UK and Slovakia factories tomorrow (24 September) but has delayed the restart as part of a plan to resume operations "in a safe and secure manner".

The move means the company will lose a full month of vehicle production, having not produced any vehicles since shutting down all its global systems in response to the attack on 1 September. The impact on volumes will be made clear when the company releases its production numbers for the quarter, but in the three months to the end of September last year, JLR produced more than 80,000 Land Rover and Range Rover cars.

In a statement sent to Autocar, a JLR spokesperson said: "Today we have informed colleagues, suppliers and partners that we have extended the current pause in production until Wednesday 1 October 2025, following the cyber incident.  

"We have made this decision to give clarity for the coming week as we build the timeline for the phased restart of our operations and continue our investigation.

"Our teams continue to work around the clock alongside cybersecurity specialists, the NCSC and law enforcement to ensure we restart in a safe and secure manner.

"Our focus remains on supporting our customers, suppliers, colleagues, and our retailers who remain open.  We fully recognise this is a difficult time for all connected with JLR and we thank everyone for their continued support and patience."

The delay comes after the UK government stepped in to help the car maker resume operations following the incident.

A statement from UK trade body the Society of Motor Manufacturers and Traders (SMMT) last week confirmed the government was helping the effort, as JLR continues to rebuild the internal computer systems that were infiltrated.

As well as aiding moves to restart production, government cyber experts were helping to assess “any impacts on the supply chain”, which workers’ union Unite claimed on Wednesday was at the brink of collapsing.

The SMMT statement said: "The recent cyber incident is having a significant impact on Jaguar Land Rover (JLR) and on the wider automotive supply chain.

"The government, including government cyber experts, are in contact with the company to support the task of restoring production operations, and are working closely with JLR to understand any impacts on the supply chain.”

Back to top

JLR added in its own statement: "This is an important move to further identify the challenges businesses are facing following the recent cyber incident at JLR."

The attack on 1 September has left JLR incapacitated. It has led to production shutdowns at all of JLR's global plants, created issues with parts ordering and stifled retailers.

The effect could be costing JLR up to £5 million a day, business economics professor David Bailey told Autocar last week.

Since the cyber attack, the majority of JLR’s employees have been off work, with lost hours being banked.

Union Unite said on Wednesday that employees within the supply chain are being told to apply for Universal Credit as they are moved onto reduced or zero-hours contracts by employers battling to stay afloat.

Earlier reports suggested that some suppliers “will go bust” as a result of the ongoing issues at JLR.

Unite general secretary Sharon Graham said the union has written to the UK government demanding it set up a furlough scheme to take the pressure off suppliers by supplementing workers’ pay packets while they’re unable to do their jobs.

“Workers in the JLR supply chain must not be made to pay the price for the cyber attack,” said Graham. “It is the government’s responsibility to protect jobs and industries that are a vital part of the economy.”

Graham cited a similar scheme set up on 15 September by the Scottish government to support bus maker Alexander Dennis and said “a similar scheme for workers in the JLR supply chain [should be set up] now”.

JLR suppliers 'could go bankrupt'

Recent reports have claimed that some of the firm's suppliers could go bust as a result of the shutdowns.

Former Aston Martin CEO Andy Palmer told the BBC on 12 September: “I would not be at all surprised to see bankruptcies.” 

Back to top

Palmer added that many suppliers will soon begin to slim their staff count as a result of the shutdown, saying: “You hold back in the first week or so of a shutdown; you bear those losses. But then you go into the second week, more information becomes available – then you cut hard. So layoffs are either already happening or are being planned."

Along with Unite, another making the call for a furlough scheme is Commons Business and Trade Committee chairman Liam Byrne.

The Labour MP said: "What began in some online systems is now rippling through the supply chain, threatening a cashflow crunch that could turn a short-term shock into long-term harm. We cannot afford to see a cornerstone of our advanced manufacturing base weakened by events beyond its control."

JLR hack: what happened?

Autocar first reported issues affecting JLR on 1 September, when dealers couldn't register new cars on 'new plate day' , traditionally one of the year's busiest for registrations.

In an effort to combat the hack, JLR began “shutting down our systems” on 2 September.

It's still in the process of rebuilding them and is unabel to confirm a timescale for the fix.

Back to top

The hack has left JLR incapacitated. No cars have been produced globally since, leading to millions of pounds of lost income.

The extent of the issues meant JLR brought police and cybersecurity experts in to “restart our global applications in a controlled and safe manner”.

During this process, which included an investigation, it was discovered that "some data" was "affected", said JLR. Those affected will be contacted, said the firm.

It's not officially known what data was taken or if a ransom demand has been made, but it is thought it most likely involves customer data given the involvement of the police.

JLR said in a statement on 15 September that it will look to restart production on 24 September.

Who has claimed responsibility for JLR hack?

On 3 September, a group of hackers calling themselves Scattered Lapsus$ Hunters claimed responsibility for the attack on JLR.

This is the same group that hacked Marks & Spencer in May, causing the British retailer seven weeks of disruption and costing £300 million in lost operating profit.

It claimed to have obtained customer data after exploiting a similar flaw in JLR’s IT system. The claim was made on a Telegram messenger group, where a user linked to the hackers posted a screenshot of what appeared to show JLR's internal system.

A member of the group revealled that a well-known flaw in SAP Netweaver, third-party software used by JLR, was exploited to access the data.

The US's Cybersecurity and Infrastructure Security Agency warned about the flaw earlier this year. An update for the software was released, but whether JLR applied it is unknown.

It's also not known what data was taken or if a ransom demand has been made of JLR.

Join our WhatsApp community and be the first to read about the latest news and reviews wowing the car world. Our community is the best, easiest and most direct place to tap into the minds of Autocar, and if you join you’ll also be treated to unique WhatsApp content. You can leave at any time after joining - check our full privacy policy here.

Will Rimell

Will Rimell Autocar
Title: News editor

Will is Autocar's news editor.​ His focus is on setting Autocar's news agenda, interviewing top executives, reporting from car launches, and unearthing exclusives.

As part of his role, he also manages Autocar Business – the brand's B2B platform – and Haymarket's aftermarket publication CAT.

Join the debate

Comments
32
Add a comment…
scotty5 23 September 2025

Not mentioned in the Autocar article but from another news source:

In September 2023, JLR outsourced its IT and digital services to Tata Consultancy Services (TCS), also a Tata-owned company, intended, it said, to "transform, simplify, and help manage its digital estate...

They say transform, simplify and help manage, but we all know it was cost cutting.

Put all your eggs in the one basket and...  It's not rocket science. 

skikid 21 September 2025

This is also exacerbated when you offshore computing it skills to places like India as Aldi Uk are doing making hundreds of I.T.it guys redundant in Accounting ,Buying and other departments ,think it is about 500 they should be made to pay duty  for importing outsorced services .

Cat201381 20 September 2025

Why do we the taxpayer have to bail out JLR. They make billions a year! They should pay out their staff and suppliers! Since the suppliers work for them! In fact majority of the suppliers are owned by JLR! 

After_shock 21 September 2025

The suppliers to JLR dont though and many many jobs are at risk, the government have not exactly 'bailed' them out they are just providing support through restarting the business and investigating the issue.

Bigger issue is how much tax Reeves has stolen from all of the employees the government should be supporting them!

uk_supercar_fan 23 September 2025
When you have such a major contributor to the economy like JLR, regardless of ownership, the govt needs to protect 'UK PLC' and quite rightly will step in with whatever support is needed to avert an economic catastrophe. As noted elsewhere, the support being offered is not financial (yet) but operational.

*a point of note, your comment about the majority of suppliers being owned by JLR is completely false. I can't think of a single one other than their own engine plant, which is owned. Some are heavily reliant on JLR business, too reliant, but that doesn't imply ownership...