Jaguar Land Rover (JLR) has extended its production shutdown from 24 September until 1 October, following the recent cyberattack. This attack has seen its manufacturing plants in the UK, Slovakia, India, China and Brazil forced to halt production over ongoing safety concerns around the compromised IT and manufacturing systems – demonstrating the deep and long-lasting damage that cyberattacks can cause for retailers.
The cyberattack on the company’s IT systems – carried out by a young group of English-speaking hackers known as Scattered Lapsus$ Hunters – was discovered in the small hours of Monday 1 September; by 4.30am, staff at JLR’s Halewood plant had received emails instructing them not to report to work. This latest extension will mean JLR production has been halted for a month.
Prior to the shutdown extension, David Bailey, professor of business economics at the Birmingham Business School, told PA news agency that the manufacturing pause was likely to cost Jaguar Land Rover around £120 million on profits – a cost that could rise as the pause continues.
Bailey also pointed out that the JLR production shutdown could affect a number of companies within the organisation’s supply chain – a concern backed up by the trade union Unite, who warned that the livelihood of thousands of workers within the supply chain could be at risk. It has called on the government to introduce a furlough scheme for those affected, while JLR continues its clean-up operation.
A statement on JLR’s website says that their teams are working “around the clock” to “restart in a safe and secure manner.”
Hackers claim retirement
Eight members of Scattered Lapsus$ Hunters – which contains members thought to be behind the cyberattacks on M&S and Salesforce, among others – have so far been arrested or raided by law enforcement, according to reporting in IT Pro. In a rambling message on the social media channel Telegram, the group has said they’ve “decided to go dark” and apologised to the families of their members who’ve so far been arrested. “Our objectives having been fulfilled, it is now time to say goodbye,” the message says.
However, security experts are sceptical that they’ll disappear completely. “Given the volatile and explosive nature of the group… It’s more likely members are having internal disagreements around how to proceed under the threat of prison time, how high a profile they want to maintain in the media and the cybercrime underground, and whether to lie low until the dust settles,” said Cian Heasley, principal consultant at Acumen Cyber, as reported in IT Pro. “
“Prepare for the worst”
Executive VP EMEA, Spencer Starkey, at leading cyber security company SonicWall, stresses that the JLR attack and resultant production shutdown highlights the urgent need for retailers to build resilience – and emergency planning – into their operations. “We have seen at SonicWall that organisations were under critical attack for an average of 68 days in 2024, highlighting the potential for prolonged recovery periods following sophisticated cyberattacks,” he said. “Threat actors are now exploiting vulnerabilities within 48 hours of disclosure – far faster than most organisations can patch – highlighting a growing gap between threat velocity and enterprise readiness.”
As he points out, retail is one of the key targets for hacker groups and bad actors. “Businesses today must prepare for the worst,” he said. “It’s vital every single business has a robust roadmap in place to deploy if and when an attack happens. The preparation always begins with prevention: layered security systems and updated employee training are basic principles in today’s risky environment.
“Customer and employee communication is key, and the company must always strive to keep those channels flowing both ways, to reassure people and organisations who might be affected that they are doing everything possible to recover from and resolve the incident,” he added.
Stay informed
Our editor carefully curates two newsletters a week filled with up-to-date news, analysis and research. Click here to subscribe to the FREE newsletter sent straight to your inbox. Why not follow us on LinkedIn to receive the latest updates on our research and analysis?
