Jaguar Land Rover (JLR) paid a high price for cyber attack he suffered in Augustreporting a loss of £485 million for the three months ended 30 September. For the same period in 2024, the company reported profits of £398 million.
The attack forced the automaker to shut down its plants for about six weeks. Production has now returned to normal. started to resume in early Octoberat about the same time as government announced it will back the company with a £1.5 billion loan guarantee to support its supply chain.
The Cyber Monitoring Center (CMC) said on 22 October that it believed the wider economic cost of the attack was £1.5 billion at the time, describing the attack as Category 3 system event on his own hurricane scale.
JLR reported today quarterly income £4.9 billion, down 24% on last year. It said it was a “challenging” quarter. The cyberattack forced the company to restart IT systems used for vehicle wholesalers and its Global Parts Logistics Centre. It also had to speed up the introduction of a supplier finance scheme to provide cash to suppliers. The loss of almost £500 million was partly due to cybersecurity-related costs totaling £196 million. the company said.
JLR CEO Adrian Mardell said: “JLR has made significant progress in restoring its operations safely and quickly following the cyber incident. In response, we have prioritized customer, retailer and supplier systems and I am pleased to confirm that production has resumed across all of our luxury brands.”
The company reported its results in the same way as The Office for National Statistics reported that the UK economy grew by just 0.1%. in the third quarter of 2025, up from 0.3% in the second quarter.
JLR helped by the National Cyber Security Center (NCSC) during the attack and after it. So far, neither the automaker nor the NCSC have disclosed who was responsible for the attack.
Cybersecurity Threat Analysis Firm Cyfirma has determined the group of Scattered Spider Hunters Lapsus$ as the likely attacker.
The Cyfirma report notes that a Telegram channel calling itself Scattered Lapsus$ Hunters claimed responsibility for the Jaguar Land Rover cybersecurity incident in the early days by sharing a screenshot of Jaguar Land Rover's internal IT systems.
The name of the channel unites three English-speaking hacker groups: Scattered Spider, Lapsus$ and ShinyHunters.
The firm also noted that Shinyhunters Collective has previously been linked to cyber attacks on UK retailers.
“Researchers, the media and our own assessment indicate with moderate confidence that the ShinHunters group [sic] The team may be held liable,” the statement said.
Meanwhile, the government committee on business and trade wrote to Tata Consultancy Services at the end of September. is looking for answers to possible links to the JLR attack. Its chairman, Liam Byrne MP, has written to TCS CEO Kriti Kritivasan seeking information about the JLR cyber attack and other cyber incidents at Marks and Spencer (M&S) and the Co-op Group.
TCS was briefly linked to the Scattered Spider attack on M&S earlier this year. Financial Times and the BBC separately reported in May 2025 that an Indian IT services firm was carrying out an internal investigation to find out whether this was the entry point for a cyber attack on M&S. JLR is coincidentally backed by the wider Tata organisation.
