Jaguar Land Rover (JLR) has told suppliers that production at its U.K. factories will not resume for at least until September 24 following a major cyberattack — with industry sources warning the disruption could extend through November, according to BBC News. A criminal investigation is underway into the attack, which occurred more than two weeks ago, forcing JLR to shut down its IT networks — paralyzing production at vehicle factories in Solihull and Halewood and the engine plant in Wolverhampton. Production has also halted at major factories in Slovakia and China, as well as a smaller facility in India. JLR, owned by India's Tata Motors, has dismissed reports that the disruption could last weeks or months as "speculation." However, BBC News reports that suppliers — mostly small and medium-sized enterprises — lack the financial resources to cope with an extended outage.
From a supply chain perspective, Jaguar Land Rover Automotive plc (JLR) is based in Whitley Coventry England and is the United Kingdom's largest automaker, having been acquired from Ford by Tata Motors in 2008 for $2.3 billion. Adrian Mardell is JLR's CEO. Tata Motors Limited, based in Mumbai India, is the automotive division of the Tata Group — P.B. Balaji is CEO of Tata Motors. The JLR Solihull Plant (West Midlands England) manufactures Range Rover, Range Rover Sport, Range Rover Velar, Discovery, and Defender. The JLR Halewood Plant (Merseyside England) produces Range Rover Evoque, Discovery Sport, and is being prepared for new EV models. The JLR Wolverhampton Engine Manufacturing Centre (West Midlands England) manufactures Ingenium petrol and diesel engines. The JLR Nitra Plant (Nitra Slovakia) produces Discovery and Defender — with annual capacity of 150,000 vehicles. The JLR Changshu Plant (Jiangsu China) is a joint venture with Chery Jaguar Land Rover, producing Evoque, XE, XF, E-Pace, and F-Pace. The JLR Pune Plant (Maharashtra India) is a joint venture with Tata Motors.
From a supply chain perspective, cyberattacks on the automotive sector have increased dramatically in recent years. Honda (2020 Ekans/Snake ransomware), Toyota (2022 Kojima Industries supplier attack), Volkswagen (2021 data breach), Kia (2021 DoppelPaymer ransomware), Mercedes-Benz (2022 Hatch ransomware), Stellantis (2024 IVR breach), Nissan (2023 data breach), Hyundai Europe (2024 Black Basta ransomware), BMW (2023 supplier attack), Ferrari (2023 RansomEXX), Continental (2022 LockBit), Denso (2022 Pandora ransomware), Bridgestone (2022 LockBit) are major automotive sector cyberattack incidents. Auto-ISAC (Automotive Information Sharing and Analysis Center) was established in the U.S. in 2015 for automotive sector cyber threat intelligence sharing. ISO/SAE 21434 is the automotive cybersecurity engineering standard. UNECE WP.29 R155 and R156 require cybersecurity and software update management for vehicle type approval. TISAX (Trusted Information Security Assessment Exchange) is an information security assessment framework for the European automotive supply chain.
From a supply chain perspective, JLR employs over 33,000 people in the U.K. and over 104,000 globally — making it a major employment source for the U.K. automotive sector. The U.K. automotive supply chain includes major suppliers such as GKN, Magna International, ZF Friedrichshafen, Bosch, Continental, Dana Incorporated, BorgWarner, Cooper Standard, Lear Corporation, Adient, Aptiv, and Autoliv. SMMT (Society of Motor Manufacturers and Traders) is the U.K. automotive sector representative body — Mike Hawes is Chief Executive. U.K. automotive production stood at 905,000 vehicles in 2024 — declining from a 1999 peak of 1.98 million — with JLR representing over 40% of production. The post-Brexit U.K.-EU Trade and Cooperation Agreement (TCA) is critical for the automotive sector — requiring compliance with rules of origin. The NCSC (National Cyber Security Centre) is the U.K. cybersecurity agency — playing a role in investigations related to the JLR attack. In conclusion, the JLR cyberattack underscores once again the importance of cyber resilience for the global automotive industry — serving as a critical warning about vulnerabilities in the just-in-time supply chain model.
Key Points:
1. JLR production remains halted in the U.K. due to cyberattack at least until September 24.
2. Solihull, Halewood, Wolverhampton, Slovakia, China, and India facility disruptions.
3. Industry sources warn disruption could extend through November.
4. Tata Motors is the parent company of JLR.
5. Small and medium-sized suppliers face financial difficulties.
