Tata Motors-owned Jaguar Land Rover (JLR) has begun a phased resumption of its IT operations after a massive cyberattack earlier this month brought the company’s global production to a standstill.
Recovery Program Underway
In a statement on Thursday, the luxury carmaker said it is gradually restoring its systems and has increased invoicing capacity to settle pending payments with suppliers. However, production at factories in Merseyside and Solihull (UK), as well as facilities in India, Slovakia, and China, will continue to remain suspended until the recovery groundwork is complete.
Official Company Statement
“As part of the controlled, phased resumption of our operations, we have informed associates, suppliers, and retail partners that parts of our digital systems are now functional. We are working expeditiously to settle outstanding payments,” JLR said.
Global Parts Logistics Center Back Online
The company confirmed that its Global Parts Logistics Center, which supplies spare parts to retail partners in the UK and worldwide, is now fully operational. This development is expected to improve vehicle servicing, customer support, and cash flow.
Collaboration to Restart Production
JLR is working closely with cybersecurity experts, the UK’s National Cyber Security Centre (NCSC), and law enforcement agencies to ensure a safe resumption of full-scale operations. British Prime Minister Keir Starmer said the government is considering a support package for suppliers, especially small businesses affected by the production halt.
Economic Impact
The near month-long production disruption is estimated to cost JLR millions of pounds in daily losses. The company directly employs 33,000 workers in the UK, while its supply chain supports approximately 200,000 jobs. Trade unions have urged the government to provide financial relief and furlough schemes to safeguard employment and stabilize the supplier ecosystem.
Who Claimed Responsibility?
The hacker group Scattered Lapsus Hunters has claimed responsibility for the attack. The same group has been linked to multiple high-profile retail cyberattacks in the UK this year, including breaches at Marks & Spencer and the Co-op.
🕒 Timeline of JLR Cyberattack & Recovery
| Date | Event | Details |
|---|---|---|
| Early September 2025 | Cyberattack | Hacker group Scattered Lapsus Hunters targets JLR IT systems, halting global production. |
| Within Days | Production Halted | Factories in UK, India, Slovakia, China stop operations. Supplier payments delayed. |
| Mid-September 2025 | Government & Cybersecurity Involvement | UK’s NCSC, law enforcement, and cybersecurity experts collaborate with JLR. Trade unions request financial aid for suppliers. |
| September 25, 2025 | Phased IT Resumption | JLR begins restoring parts of digital systems. Global Parts Logistics Center resumes operations. Supplier payments start. |
| Ongoing | Production Recovery | Full factory operations remain suspended until recovery program is complete. Government considers support packages for suppliers. |
