Currently reading: JLR set to restart production five weeks after cyber attack

British firm has not built a car since its IT systems were hacked on 1 September

JLR is set to restart production this week following the incapacitating cyber attack that took down its systems at the start of September.

The Wolverhampton engine plant will be the first to resume operations, reports the BBC. This is understood to be in a limited state at first, with full capacity not expected for several weeks.

Some outlets suggest work in Wolverhampton could restart as early as Monday (6 October). Work at the car maker's other sites in Merseyside and West Midlands are expected to restart this week, although exact timings have yet to be announced. Autocar has contacted JLR for further details.

On Friday (3 October), a spokesperson reiterated the statement given on Monday (29 September) that production would resume "in the coming days". They added that restart assessments were being carried out daily. 

The British manufacturer is still working to recover from a significant cyber attack that brought all its factories to a halt on 1 September.

​The hack incapacitated the Land Rover maker, forcing it to shut down its internal computer systems in an effort to protect data from being stolen.

This resulted in production shutdowns at all of its global plants, created issues with parts ordering and stifled retailers.

JLR had originally earmarked 24 September as a potential restart date but pushed any decision back to 1 October. This date was then superseded by a new "in the coming days" statement on 29 September.

As factory lines remain at a standstill, further details are still unclear, such as which factories will restart first or what its target volumes will initially be.

On 29 September, JLR said production will restart in a "controlled, phased" manner, suggesting volumes will initially be restricted.

The impact on volumes will be made clear when the company releases its production numbers for the quarter, but in the three months to the end of September last year, it produced more than 80,000 cars.

The effect could be costing JLR up to £5 million a day, business economics professor David Bailey has told Autocar.

Government to underwrite £1.5bn JLR loan

The restart comes after the UK government said it will guarantee a £1.5 billion loan to JLR, to help it support suppliers who have been hit by the production shutdown.

Back to top

The loan to the Tata-owned car maker will be issued by a commercial bank, but will be underwritten by the UK government.

As well as costing JLR an estimated £50 million a week, the cyber attack has badly hit the firm's suppliers. 

It's estimated that around 150,000 people are employed by some 700 British firms that supply JLR, and the UK government has been investigating ways to support them, such as a furlough scheme or loans.

It will instead underwrite a single loan to JLR through the Export Development Guarantee (EDG), with JLR repaying the money over a period of five years. 

Business secretary Peter Kyle said on 27 September that the loan guarantee "will help support the supply chain and protect skilled jobs in the West Midlands, Merseyside and throughout the UK".

Chancellor Rachel Reeves added that the loan would help JLR "support their supply chain and protect a vital part of the British car industry".

Since the attack, JLR has been able to restore some of its IT systems following the back and was able to start paying some of its suppliers.

 

JLR hack: what happened?

Autocar first reported issues affecting JLR on 1 September, when dealers couldn't register new cars on 'new plate day' , traditionally one of the year's busiest for registrations.

Back to top

In an effort to combat the hack, JLR began “shutting down" its systems on 2 September, and has not produced any cars globally since, leading to millions of pounds of lost income.

The extent of the issues meant JLR brought police and cybersecurity experts in to “restart our global applications in a controlled and safe manner”.

During this process, which included an investigation, it was discovered that "some data" was "affected", said JLR. Those affected will be contacted, said the firm.

It's not officially known what data was taken or if a ransom demand has been made, but it is thought it most likely involves customer data given the involvement of the police.

Who has claimed responsibility for JLR hack?

On 3 September, a group of hackers calling themselves Scattered Lapsus$ Hunters claimed responsibility for the attack on JLR.

This is the same group that hacked Marks & Spencer in May, causing the British retailer seven weeks of disruption and costing £300 million in lost operating profit.

It claimed to have obtained customer data after exploiting a similar flaw in JLR’s IT system. The claim was made on a Telegram messenger group, where a user linked to the hackers posted a screenshot of what appeared to show JLR's internal system.

A member of the group revealled that a well-known flaw in SAP Netweaver, third-party software used by JLR, was exploited to access the data.

The US's Cybersecurity and Infrastructure Security Agency warned about the flaw earlier this year. An update for the software was released, but whether JLR applied it is unknown.

It's also not known what data was taken or if a ransom demand has been made of JLR.

Join our WhatsApp community and be the first to read about the latest news and reviews wowing the car world. Our community is the best, easiest and most direct place to tap into the minds of Autocar, and if you join you’ll also be treated to unique WhatsApp content. You can leave at any time after joining - check our full privacy policy here.

Will Rimell

Will Rimell Autocar
Title: News editor

Will is Autocar's news editor.​ His focus is on setting Autocar's news agenda, interviewing top executives, reporting from car launches, and unearthing exclusives.

As part of his role, he also manages Autocar Business – the brand's B2B platform – and Haymarket's aftermarket publication CAT.

James Attwood

James Attwood, digital editor
Title: Associate editor

James is Autocar’s associate editor, and has more than 20 years of experience of working in automotive and motorsport journalism. He has been in his current role since September 2024, and helps lead Autocar's features and new sections, while regularly interviewing some of the biggest names in the industry. Oh, and he once helped make Volkswagen currywurst. Really.

Before first joining Autocar in 2017, James spent more than a decade in motorsport journalist, working on Autosport, autosport.com, F1 Racing and Motorsport News, covering everything from club rallying to top-level international events. He also spent 18 months running Move Electric, Haymarket's e-mobility title, where he developed knowledge of the e-bike and e-scooter markets. 

Join the debate

Comments
72
Add a comment…
Lucass12 6 October 2025

After loosing $400k to binary crypto investment scam. I thought I’d never recover my money back, until i met a testimony of Mrs Mariah online talking about DAREK RECOVERY who helped her recover her funds back. I decided to give it a try and contacted them on recoverydarek @ Gmail. com  luckily for me as i speak to you all, my funds has been recovered and was delivered to me within 24 hours.

Victoria22 5 October 2025
Don’t be deceived by different testimonies online that is most likely wrong. I have made use of several recovery options that got me disappointed at the end of the day but I must confess that the tech genius I eventually found is the best out here. It’s better you devise your time to find the valid professional that can help you recover your stolen or lost crypto such as bitcoins rather than falling victim of other amateur hackers that cannot get the job done. ADAMWILSON . TRADING @ CONSULTANT COM / WHATSAPP ; +1 (603) 702 ( 4335 ) is the most reliable and authentic blockchain tech expert you can work with to recover what you lost to scammers. They helped me get back on my feet and I’m very grateful for that. Contact their email today to recover your lost coins ASAP
monicaabbott86 5 October 2025

I encountered an unexpected issue with my crypto account, leaving me unable to access my Bitcoin wallet. Despite numerous attempts, I was continuously blocked and denied access. With $240,000 at stake, I felt overwhelmed by the thought of losing everything. Thankfully, a ray of hope emerged when I stumbled upon a review about SWIFT HACK EXPERT, a trusted funds recovery service that had successfully assisted countless individuals in similar situations. Without hesitation, I reached out to them, and to my amazement, SWIFT HACK EXPERT was able to retrieve my Bitcoin wallet and restore my funds. I’m immensely grateful to SWIFT HACK EXPERT for their incredible work. For those in need, you can contact through the following channels: swift1@cyberservices.com and WhatsApp +1-845-224-5771