The British automaker Jaguar Land Rover (JLR) is still grappling, for over a month, with the consequences of a devastating cyber attack that has paralyzed its production operations. To defend itself, the brand has halted global production, which stood at around 1000 cars per day, effectively shutting down both the British sites of Halewood and Solihull, as well as the engine factory in Wolverhampton, and hubs in Slovakia, China, and India. Many of the 33,000 employees have been asked to stay at home.
The incident, which began in late August 2025, represents one of the most severe cyberattacks ever suffered by the European automotive industry, and is generating estimated losses, to date, of about 1 billion pounds (1.36 billion dollars) in revenue, putting the entire supply chain and the whole industrial ecosystem revolving around the brand at risk.
According to Autonews, the shutdown would have caused an impact on profits estimated at 70 million pounds (80.7 million euros), equivalent to about 4.25 million euros in losses per day.
The British company’s suppliers have indeed reported that they have temporarily laid off or suspended no less than 6,000 employees, considering that their main customer has halted all orders.
The issue has even reached Parliament, where Labour MP Liam Byrne (chairman of the House of Commons Business and Trade Committee) has called for executive intervention, given the concrete risk to as many as 200,000 jobs in the UK, including direct employees and related industries.
The Perpetrators and Attack Method
The attack on Jaguar Land Rover has been claimed by the cybercriminal group known as Scattered Lapsus$ Hunters.
According to initial reconstructions, the cause could be ransomware, a type of malicious software (malware) that blocks access to data or devices until a ransom is paid to restore system functions. According to some British forums, the criminals may have exploited a vulnerability in third-party software called SAP Netweaver.
The modus operandi used by the criminal group is primarily based on sophisticated social engineering techniques, which allow attackers to bypass technological barriers by leveraging the human factor. This type of approach involves psychological manipulation of employees to obtain access credentials, confidential information, or the installation of malware within the company network.
Once they penetrated JLR’s systems, the cybercriminals had access to an impressive amount of sensitive data. About 350 GB of data was stolen, including vehicle details, development logs, source code, and employee information. The scope of the attack suggests meticulous preparation and in-depth knowledge of the automaker’s IT infrastructure.
Sales of already assembled and ready cars continue, but inventory problems could arise, considering that they will have to proceed in an alternative way to the official records kept online.
There are even rumors that the manufacturer might have lost track of 40,000 cars destined for dealerships, but JLR has denied this: “We have full visibility and control of vehicles through our tracking processes from factory to market.”
Privacy Implications
In addition to operational damage, the attack resulted in a significant data breach.
Jaguar Land Rover has confirmed that the attackers also stole “some data” during the recent cyberattack. The compromised information could include technical data on vehicles, employee information, and potentially even customer details, representing a significant risk to privacy and commercial security.
Comparison with Ferrari: a Recurring Pattern in the Automotive Sector
The attack on Jaguar Land Rover inevitably recalls the cyberattack suffered by Ferrari in March 2023, which presents some similarities to the current incident. A list on the RansomEXX website showed 7GB of data allegedly stolen from Ferrari, including internal documents, technical sheets, and repair manuals.
In Ferrari’s case, the company had been contacted by one of the perpetrators with a ransom demand. However, the Italian company had adopted a firm stance, refusing to pay what the criminals demanded. Ferrari stated that the ransomware attack was responsible for a data breach that had exposed customer details, but had not impacted business operations.
The main difference between the two attacks lies in the operational impact: while Ferrari managed to keep its daily business functions operational, Jaguar Land Rover had to face a complete paralysis of production activities.
The Lesson
The Jaguar Land Rover incident highlights the growing vulnerability of the automotive sector to cyber attacks and represents a wake-up call for the entire automotive industry, demonstrating how the increasing digitalization and connectivity of modern vehicles expose car manufacturers to increasingly sophisticated cyber risks.
What remains, apart from the serious damage, is the urgency of massive investments not only in cybersecurity technologies but especially in staff training to recognize and counter social engineering techniques. Cybersecurity awareness can no longer be considered an accessory cost, but must become a fundamental strategic investment for business survival in the digital age.
The important thing, however, is to choose the right one: updated, effective, entertaining, personalized, interactive, easily accessible, continuous.
Even in the world of training, in fact, things change very quickly and relying on inadequate training courses could be a serious strategic mistake for companies.
