Jaguar Land Roveri tootmist tabas küberrünnak, mis põhjustas suuri häireid

[landy]

Jaguar Land Roveri tootmist tabas küberrünnak, mis põhjustas suuri häireid
02.09.20025

Jaguar Land Rover teatas, et küberrünnak on „tõsiselt häirinud” nii sõidukite tootmist kui ka jaemüügi tegevust.

Ettevõte, mis kuulub India Tata Motorsile, ütles, et võttis kohe tarvitusele meetmed rünnaku mõju vähendamiseks ning töötab kiiresti selle nimel, et tegevus taastada.

Ettevõtte sõnul ei ole tõendeid, et kliendiandmeid oleks varastatud.

Rünnak algas pühapäeval ning langeb ajaliselt olulisse hetke Suurbritannia autoturul, sest esmaspäeval, 1. septembril, muutus kättesaadavaks uus registreerimisnumbrite partii.

Traditsiooniliselt on see populaarne aeg, mil tarbijad saavad oma uue auto kätte.

BBC andmetel avastati rünnak selle toimumise ajal ning ettevõte lülitas oma IT-süsteemid välja, et vähendada kahju ulatust.

Merseyside’is Halewoodis asuva tehase töötajatele saadeti esmaspäeva hommikul e-kiri, et nad ei tuleks tööle, samas kui teised saadeti koju.

Kes rünnaku taga on, pole veel teada, kuid see järgneb rasketele rünnakutele Suurbritannia tuntud jaekettide vastu, sealhulgas Co-op ja Marks and Spencer.

Mõlemal juhul üritasid häkkerid raha välja pressida.

Ettevõte kirjutas avalduses: „JLR-i on mõjutanud küberintsident. Võtsime kohe tarvitusele meetmed selle mõju vähendamiseks, lülitades ennetavalt välja oma süsteemid.

„Töötame nüüd kiiresti selle nimel, et oma globaalseid rakendusi kontrollitult taaskäivitada.

„Praegu ei ole tõendeid, et kliendiandmeid oleks varastatud, kuid meie jaemüügi- ja tootmistegevus on olnud tõsiselt häiritud.”

Tootmise peatumine on uus tagasilöök ettevõttele, mis hiljuti teatas kasumi langusest, mida seostati USA tollitariifidest tingitud kulude kasvuga.

https://www.bbc.com/news/articles/c9wyw ... 7ID6NZg6Vg

[landy]

Uudiseid Suurbritanniast:
Nagu teid võidi juba eile ja täna informeerida, on JLR-i varuosade kataloog (EPC) ja KOGU veebisüsteem hetkel maas!
Tundub, et see on nüüd mõjutanud ka Suurbritannias nende „uute numbrimärkide päeva”.
IT-probleemi tõttu ei saa JLR registreerida autosid olulisel „uute numbrimärkide” päeval.
Ühtegi uut Land Roveri mudelit ei registreeritud Ühendkuningriigis eile, kuna tootja püüab süsteemirikke lahendamiseks kiiresti tegutseda.

Eesti kontekstis: Online varuosasüsteem on "maas "olnud tegelikult juba nädalavehtsusest alates ja ei võimalda ei ametlikel ega sõltumatutel varuosamüüjatel seda kasutada ning põhjustab häireid varuosade müügil.

Pikemalt:
https://www.autocar.co.uk/car-news/new- ... fc_Ld7g8WA

[landy]

Jaguar Land Roveri värske teade pärast Halewoodi tootmise seiskamist

ECHO paljastas, et autotootmise hiiglast tabas nädal tagasi küberrünnak
Uudised
Liam Thorp, poliitika toimetaja
12:15, 08. september 2025

Jaguar Land Rover andis värskenduse kriisi kohta, mis tabas ettevõtet pärast seda, kui nädal tagasi peatati tootmine kõigis tehastes. ECHO paljastas, et riigi suurimat autotootjat tabas eelmise esmaspäeva küberrünnak, mis jätkuvalt tekitab kaost.

Autotootmise hiiglane, mis kuulub India Tata grupile, peatas rünnaku järel kiiresti kogu tootmise nii Ühendkuningriigis kui ka mujal maailmas ning töötab siiani probleemi lahendamise nimel. See hõlmab tuhandeid töötajaid Halewoodi tehases Merseyside’is ja teistes ÜK tehastes Solihullis ja Wolverhamptonis.

Halewoodis töötavad inimesed ütlesid ECHO-le, et neile teatati tootmise seiskamisest esmakordselt 1. septembri varahommikul kell 4.30 saadetud e-kirjaga, milles paluti neil mitte tööle tulla.

Veel üks vahetus saadeti Halewoodi tehasest koju.

Kriisi jätkudes on Halewoodi töötajatele öeldud, et nad ei tohi tehasesse minna vähemalt käesoleva nädala kolmapäevani.

Neid on palutud olla valmis tööle tulema kolmapäeval, välja arvatud juhul, kui e-kirjaga teatatakse teisiti.

Töötajatele makstakse palka tavapäraselt edasi ning nende töötunnid arvestatakse hilisemaks “panka”.

Uues nädalavahetusel avaldatud avalduses ütles JLR-i pressiesindaja:
„Me töötame ööpäevaringselt selle nimel, et taaskäivitada oma ülemaailmsed süsteemid kontrollitud ja turvalisel viisil pärast hiljutist küberintsidenti.

Teeme koostööd kolmandate osapoolte küberjulgeoleku ekspertidega ning õiguskaitseorganitega.

Tahame tänada kõiki oma kliente, partnereid, tarnijaid ja kolleege kannatlikkuse ja toetuse eest.

Vabandame väga selle intsidenti põhjustatud häirete pärast. Meie jaemüügi partnerid on endiselt avatud ning jätkame täiendavate teadete jagamist.”

Noorte häkkerite rühmitus, kes on sihiks võtnud Marks & Spenceri ja teisi Briti kaubamärke hiljutistes küberrünnakutes, on väidetavalt võtnud vastutuse JLR-i rünnaku eest.

BBC teatas kolmapäeval, et jõuk kiitles häkiga kiirsuhtlusplatvormil Telegram ning jagas ekraanitõmmiseid, mis väidetavalt pärinesid autotootja sisemisest IT-süsteemist.

See juhtum järgneb mitmele küberrünnakule ÜK jaekaubandussektoris aasta alguses, mille raskemate kannatanute hulgas olid M&S, Co-op ja Harrods.

--------------------------
Jaguar Land Rover update after Halewood production shut down

The ECHO revealed that the car manufacturing giant was hit by a cyber attack a week ago
News
Liam Thorp Political Editor
12:15, 08 Sep 2025

Jaguar Land Rover has provided an update on the current crisis hitting the company after production was shut down across all its sites one week ago. The ECHO revealed that the nation's biggest car manufacturer was hit by a cyber attack last Monday that is continuing to cause havoc.

The car manufacturing giant, which is owned by India's Tata group, swiftly shut down all production at its sites across the UK and around the world following the attack, which the firm is still working to resolve. This includes thousands of staff at its Halewood plant in Merseyside and its other UK plants in Solihull and Wolverhampton.

Staff based at Halewood told the ECHO they were first told of the shut down via an email at 4.30am on September 1, telling them not to come to work.


Another shift was sent home from the Halewood plant.

Mayor Steve Rotheram 'incandescent' after what he saw on train

I rejected Real Madrid to sign for Liverpool - how I acted was totally wrong

As the crisis continues, staff at Halewood have been told to stay away from the site until at least Wednesday of this week.

The staff have been asked to be ready to work on Wednesday unless told otherwise by email.

Staff will continue to be paid as usual and will “bank” their hours to be picked up later on.

In a new statement released this weekend, a spokesperson for JLR said: “We continue to work around the clock to restart our global applications in a controlled and safe manner following the recent cyber incident.

"We are working with third-party cybersecurity specialists and alongside law enforcement.

“We want to thank all our customers, partners, suppliers and colleagues for their patience and support.

"We are very sorry for the disruption this incident has caused. Our retail partners remain open and we will continue to provide further updates.”

A group of young hackers who targeted Marks and Spencer and other British brands in recent cyber hacks have reportedly claimed responsibility for the JLR attack.

The BBC reported on Wednesday that the gang has bragged about the hack on instant messaging platform Telegram and shared screenshots purporting to be from the car manufacturer’s internal IT system.

It comes after a spate of cyber attacks across the UK retail sector earlier this year, with M&S, the Co-op and Harrods among those worst affected.

https://www.liverpoolecho.co.uk/news/li ... r-32434019

[landy]

https://www.bbc.com/news/articles/c3e712nvyz9o

Jaguar Land Rover pikendab sulgemist järgmise nädalani
Theo Leggett, ärikroonika korrespondent
Reuters

Jaguar Land Rover (JLR) teatas, et nende Ühendkuningriigi tehased jäävad järgmise nädalani suletuks, pärast seda kui autotootjat tabas eelmise kuu lõpus küberrünnak.

Tootmine peatati Solihulli, Halewoodi ja Wolverhamptoni tehaste juures ning töötajad saadeti koju pärast rünnaku avalikustamist 1. septembril.

Ettevõte, mis tavaliselt toodab umbes 1000 autot päevas, tunnistas, et osa andmetest on rünnakust mõjutatud, kuid pole veel selge, keda täpselt see puudutab – kas kliente, tarnijaid või JLR-i ennast.

Töötajatele on öeldud, et nad ei tohiks tööle tulla varem kui kolmapäeval, mis tähendab, et üle kahe täispika nädala globaalset tootmist on kaotatud.

Pärast küberrünnakut sulges JLR oma IT-võrgud, et kaitsta neid kahjustuste eest.

Kuna tänapäevased tehaste ja varuosade tarnevõrgustikud on väga automatiseeritud, tähendas see tootmisliinide sulgemist.

Müügiesindused ei saanud tavapärase aasta ühe tihedaima perioodi jooksul autosid müüa ning JLR-i sõidukeid hooldavad töökodad pidid algselt raskustega vajalikud varuosad hankima.

Hiljem on kasutusele võetud ajutised lahendused, mis olukorda parandasid, kuid häired jätkuvad.

JLR-i tarnijad on samuti rünnakust tõsiselt mõjutatud.

Kolmapäeval tunnistas India Tata Motorsi omanduses olev ettevõte, et andmeid võidi küberrünnakus varastada või kolmandate osapoolte poolt vaadata.

Ettevõte teatas: „Pideva uurimise tulemusel usume nüüd, et osa andmetest on mõjutatud ning teavitame sellest asjakohaseid regulaatoreid. Meie kohtuekspertiisi uurimine jätkub suure kiirusega ning võtame ühendust kõigi asjaomastega, kui leiame, et nende andmed on mõjutatud.“

Rühmitus, kes end nimetab Scattered Lapsus$ Hunters ja kes oli varem seotud Ühendkuningriigi jaemüüjate, sealhulgas M&S-i küberrünnakutega, võttis JLR-i rünnaku eest vastutuse.

M&S-i tegevus oli mõne kuu jooksul häiritud, takistades klientidel internetist tellimist ning põhjustades jaemüüjale 300 miljoni naela kahju.

Eelmisel nädalal teatas Andmekaitse Inspektsioon BBC-le, et JLR oli juhtunu UK andmekaitse järelevalve asutusele teatanud.

Äriminister Chris Bryant kohtus neljapäeva hommikul JLR-i tegevjuhi Adrian Mardelliga ning Äri- ja Kaubandusministeerium teatas, et räägib ettevõttega igapäevaselt.

Teisipäeval ütles Bryant parlamendiliikmetele, et Riiklik Küberjulgeoleku Keskus (National Cyber Security Centre), mis kuulub luureagentuuri GCHQ alla, on JLR-iga koostööd teinud juba juhtumi algusest peale.

Kohalikud parlamendiliikmed saavad ettevõttelt ülevaate reedel toimuval veebikoosolekul.

[Green Oval]

Hea klient,
Mõistetavalt küsivad paljud meie kliendid infot JLR-i küberrünnaku kohta. Jälgime pidevalt nii meediakommentaare kui ka JLR-i ametlikke pressiteateid.
Kahjuks ei ole praegu kindlat infot selle kohta, millal varuosade tarned taas käivituvad.
Viimane pressiteade, mida oleme näinud, on järgmine:
Jaguar Land Rover (JLR) teatas Suurbritannia valitsusele, et küberrünnak, millega nad tegelevad, on häirivam ja keerukam kui hiljutised rünnakud teiste Suurbritannia ettevõtete vastu.
JLR lülitas oma IT-süsteemid kaks nädalat tagasi välja pärast seda, kui avastati, et neid on häkitud, ning ei ole neid siiani saanud taaskäivitada. Tootmine on peatatud kõigis tehastes nii Suurbritannias kui ka välismaal, ning taaskäivitamise tähtaega ei ole teada.
Esmaspäeval, 15. septembril, ütles Jaguar Land Roveri pressiesindaja järgmises avalduses:
„Vabandame siiralt jätkuvate häirete pärast, mida JLR-i küberintsident põhjustab.
Meie uurimine jätkub ja me töötame ööpäevaringselt koos sõltumatute küberjulgeoleku spetsialistidega, et taaskäivitada oma globaalsed rakendused kontrollitud ja turvalisel viisil.“

Teie,
Green Oval

[Green Oval]

https://www.thisismoney.co.uk/money/car ... ttack.html

Jaguar Land Rover extends production shutdown for another week as 'forensic investigation' into cyber attack drags on
By ROB HULL, MOTORING EDITOR

Updated: 09:31 BST, 16 September 2025

Jaguar Land Rover factories will continue to down tools for another week as the car maker confirmed its production pause has been extended until next Wednesday as it continues with its 'forensic investigation' into the cyber attack that's crippled the manufacturer since the beginning of the month.

The company has informed staff, suppliers and partners that the factory shutdown enforced from 31 August will continue until 24 September at the very earliest.

It means JLR plants in the UK, Slovakia, India and Brazil will not have signed a single vehicle off the assembly line for almost four weeks, with the breach reportedly costing the company £5million per day in lost revenue.

'We have taken this decision as our forensic investigation of the cyber incident continues, and as we consider the different stages of the controlled restart of our global operations, which will take time,' a JLR spokesman told Daily Mail.

'We are very sorry for the continued disruption this incident is causing and we will continue to update as the investigation progresses.'

The latest statement comes a week after JLR officially confirmed that 'some data had been affected' by the cyber breach.

The car maker, which was forced to immediately shut down its global online systems following the breach late on Sunday 31 August, had previously stated there had been 'no evidence any customer data has been stolen'.

But last Wednesday it confirmed: 'As a result of our ongoing investigation, we now believe that some data has been affected and we are informing the relevant regulators.

'Our forensic investigation continues at pace and we will contact anyone as appropriate if we find that their data has been impacted.'

When pressed by the Daily Mail regarding whether this is customer data, a JLR spokesperson refused to comment beyond the official statement provided.

Britain's second biggest car maker has this month drafted in third-party cybersecurity specialists and law enforcement to understand the full consequences of the attack.

The fallout from the cyber breach has been described as the British vehicle manufacturer's 'worst crisis since the pandemic'.

While JLR continues to attempt to reboot and reinstate its online applications in a 'controlled and safe manner', dealers also face difficulties registering new models during one of the calendar's busiest months for car sales.

In the meantime. online catalogues of spare parts cannot be accessed, and diagnostic equipment used to identify reliability issues are not working, which means thousands of existing customers are already facing repair delays.

According to The Times, JLR bosses behind closed doors have conceded that it will take 'a matter of weeks rather than days' to bring its systems back online.

Young English-speaking hackers – who are thought to be teens calling themselves 'Scattered Lapsus$ Hunters' – earlier this month laid claim to being responsible for the breach of JLR's systems.

This is the same group behind the highly damaging attack on Marks and Spencer earlier in the year.

Despite owning up to the breach, they have yet to confirm if they successfully stole private data from JLR or installed malicious software onto the company's network.

However, security experts who have analysed the images shared by the hackers have warned they appear to have successfully accessed information they should not have.

The hacker posted two images just three days after carrying out the cyber attack. These showed apparent internal instructions for troubleshooting a car charging issue and internal computer logs.

Co-op, which alongside M&S and Harrods also fell victim to hackers in spring this year, like JLR had originally hinted that customer data had not been accessed.

On 30 April the retailer stated that a breach of its IT systems would only have a 'small impact' on its call centre and back office.

But in July its chief executive issued a grovelling apology after confirming that all 6.5million of its members had their data stolen as a result of the attack.

Read More
Marks & Spencer tech chief quits months after cyber attack that cost retailer an estimated £300m
article image
Experts have warned there will be 'long tail' ramifications of the cyber breach for JLR, with suppliers already raising concerns about the impact of its near operation-wide shutdown.

Local companies providing parts for its vehicles have already temporarily laid off workforces in response.

There have been suggestions that the government could be forced to step in with financial support to cushion the impact on JLR’s suppliers.

David Bailey, professor of business economics at Birmingham University, has warned that the cyber breach could cost the car maker a 'catastrophic' £5million a day.

Commenting on the cyber incident, Dray Agha, senior manager of security operations at security specialist Huntress, told the Daily Mail: 'This incident highlights the critical vulnerability of modern manufacturing, where a single IT system attack can halt a multi-billion-pound physical production line, directly impacting sales, especially during a key period like a new registration month.

'Cybercriminals know this, and many leverage the stopped clock of business functions as the leverage they need to force capitulation of ransomware demands.'

Agha added that restarting these systems is a 'complex' operation.

'While the quick shutdown of systems was a textbook damage limitation tactic that likely prevented a data breach, it underscores the immense recovery challenge companies now face in safely rebooting complex, interconnected operations after an attack.

'Containment and recovery are crucial parts of responding to an incident, and many organisations still do not have the detection and response technologies to neutralise security intrusions.'

A spokesperson for the National Cyber Security Centre has said it is working with JLR to 'provide support' as it continues to understand the full ramifications of the breach.

--------------
Jaguar Land Roveri tehased jätkavad tööseisakut veel ühe nädala, kuna autotootja kinnitas, et tootmispause on pikendatud kuni järgmise kolmapäevani seoses jätkuva „kohtuekspertiisi tasemel uurimisega“ küberrünnaku osas, mis on ettevõtte alates kuu algusest halvanud.

Ettevõte on teavitanud töötajaid, tarnijaid ja partnereid, et 31. augustil kehtestatud tootmisseisak kestab vähemalt 24. septembrini.

See tähendab, et JLR-i tehased Ühendkuningriigis, Slovakkias, Indias ja Brasiilias ei ole peaaegu neli nädalat tootmisliinilt ühtegi autot välja saatnud. Väidetavalt maksab rikkumine ettevõttele kaotatud tulu näol 5 miljonit naela päevas.

„Oleme selle otsuse langetanud, kuna meie kohtuekspertiisi tasemel uurimine küberintsidendi osas jätkub ning kaalume erinevaid globaalse tegevuse kontrollitud taaskäivitamise etappe, mis võtab aega,“ ütles JLR-i pressiesindaja väljaandele Daily Mail.

„Vabandame jätkuvate häirete pärast, mida see intsident põhjustab, ja anname uurimise käigus jooksvalt täiendavat infot.“

Viimane avaldus tuli nädal pärast seda, kui JLR ametlikult kinnitas, et küberrünnaku käigus „on osa andmeid mõjutatud“.

Autotootja, kes oli sunnitud pärast 31. augusti hilisõhtul toimunud turvarikkumist oma globaalsed online-süsteemid viivitamatult sulgema, oli varem väitnud, et „pole märke, et kliendiandmeid oleks varastatud“.

Kuid möödunud kolmapäeval kinnitati: „Meie jätkuva uurimise tulemusena usume nüüd, et osa andmeid on mõjutatud, ning teavitame vastavaid regulatiivorganeid. Meie kohtuekspertiisi uurimine jätkub intensiivselt ja võtame vajadusel ühendust igaühega, kelle andmeid võib see puudutada.“

Kui Daily Mail uuris, kas tegemist on kliendiandmetega, keeldus JLR-i esindaja ametlikust avaldusest kaugemale kommenteerimast.

Suurbritannia suuruselt teine autotootja on sel kuul kaasanud kolmandatest osapooltest küberturbe spetsialiste ja õiguskaitseasutusi, et mõista rünnaku täielikku mõju.

Küberrünnakut on kirjeldatud kui Briti autotootja „suurimat kriisi alates pandeemiast“.

Kui JLR jätkab katseid taaskäivitada ja taastada oma online-rakendused „kontrollitud ja turvalisel viisil“, seisavad edasimüüjad silmitsi raskustega uute mudelite registreerimisel ühe aasta müügimahukama kuu ajal.

Samal ajal ei ole võimalik kasutada varuosade online-katalooge ning diagnostikaseadmed, mida kasutatakse töökindlusprobleemide tuvastamiseks, ei tööta – see tähendab, et tuhanded olemasolevad kliendid seisavad juba silmitsi remondiviivitustega.

The Times’i andmetel on JLR-i juhid kinnitanud, et süsteemide taaskäivitamine võtab aega „nädalaid, mitte päevi“.

Noored inglise keelt kõnelevad häkkerid – keda peetakse teismelisteks ja kes nimetavad end „Scattered Lapsus$ Hunters“ – võtsid selle kuu alguses vastutuse JLR-i süsteemide rikkumise eest.

Tegu on sama grupiga, kes vastutas varem sel aastal ka Marks & Spenceri vastu suunatud ränga rünnaku eest.

Kuigi nad on rünnaku omaks võtnud, ei ole nad kinnitanud, kas varastasid JLR-ist privaatsed andmed või paigaldasid ettevõtte võrku pahavara.

Küberjulgeoleku eksperdid, kes on analüüsinud häkkerite jagatud pilte, on hoiatanud, et need viitavad siiski ligipääsule infole, millele neil ei tohiks olla juurdepääsu.

Kolm päeva pärast küberrünnakut postitas häkker kaks pilti, mis näitasid väidetavalt sisemisi juhiseid auto laadimisprobleemi lahendamiseks ja sisemisi arvutilogisid.

Ka Co-op (nagu ka M&S ja Harrods) langes sel kevadel häkkerite ohvriks ning vihjas esialgu, et kliendiandmetele ligi ei pääsetud.

aprillil teatas jaekett, et nende IT-süsteemide rikkumine avaldab „vaid väikest mõju“ kõnekeskusele ja taustaprotsessidele.

Kuid juulis esitas tegevjuht avaliku vabanduse pärast kinnitust, et kõigi 6,5 miljoni liikme andmed varastati rünnaku tulemusel.

Eksperdid on hoiatanud, et JLR-i küberrünnakul on „pikaajalised tagajärjed“, kuna tarnijad on juba väljendanud muret peaaegu kogu tootmise seiskumise mõju pärast.

Kohalikud ettevõtted, kes tarnivad JLR-ile osi, on juba ajutiselt tööjõudu koondanud. On spekuleeritud, et valitsus võib olla sunnitud sekkuma ja pakkuma rahalist tuge, et leevendada mõju JLR-i tarnijatele.

Birminghami Ülikooli ärimajanduse professor David Bailey on hoiatanud, et küberrünnak võib autotootjale maksma minna „katastroofilised“ 5 miljonit naela päevas.

Turvafirma Huntress’i turbeoperatsioonide vanemjuht Dray Agha ütles Daily Mailile: „See intsident näitab, kui haavatav on tänapäevane tootmine – üksainus IT-süsteemi rünnak võib peatada mitme miljardi naela väärtuses füüsilise tootmisliini ja mõjutada otseselt müüki, eriti kriitilisel ajal, nagu uute autode registreerimiskuu.“

„Küberkurjategijad teavad seda ning kasutavad sageli äritegevuse seiskumist survevahendina, et sundida ohvreid lunaraha maksma.“

Agha lisas, et süsteemide taaskäivitamine on „keeruline“ operatsioon.

„Kuigi süsteemide kiire sulgemine oli eeskujulik kahjude piiramise taktika, mis tõenäoliselt vältis ulatuslikumat andmeleket, rõhutab see tohutut taastamise väljakutset, millega ettevõtted pärast rünnakut silmitsi seisavad, kui nad peavad turvaliselt taaskäivitama keerukaid ja omavahel seotud süsteeme.

Intsidendi ohjamine ja taastamine on kriitilised reageerimise osad, kuid paljudel organisatsioonidel puuduvad endiselt tuvastamis- ja reageerimistehnoloogiad, et turvarikkumisi tõhusalt neutraliseerida.“

Riikliku küberturvalisuse keskuse pressiesindaja ütles, et nad teevad JLR-iga koostööd, et pakkuda tuge ja aidata mõista rikkumise täielikku mõju.

[landy]

JLR supply chain staff told to apply for universal credit, union claims
https://www.bbc.com/news/articles/c784nwvj1l3o

Emer MoreauBusiness reporter

Workers throughout the Jaguar Land Rover (JLR) supply chain are being told to apply for universal credit following the cyber attack on the company, a union has said.

Unite said staff were being laid off with "reduced or zero pay" following the hack, which has forced the carmaker to shut down its IT networks and halt production.

Unite has called for the UK government to set up a furlough scheme, similar to the one announced by the Scottish government for bus maker Alexander Dennis.

JLR declined to comment on the union's claim. It has previously said factory production would not resume until 24 September at the earliest, but sources claim disruption could last until November.

Unite general secretary Sharon Graham said it was the "government's responsibility to protect jobs and industries that are a vital part of the economy".

"Workers in the JLR supply chain must not be made to pay the price for the cyber attack," she added.

Minister for Industry Chris McDonald met representatives from JLR on Tuesday.

In a statement on Wednesday, he said he has had discussions with the firm about restarting production and will be meeting with others in the industry, and those that supply it, in the coming days to hear about the issues they are facing as a result of the cyber attack.

"We know this is a worrying time for those affected, and although Jaguar Land Rover are taking the lead on support for their own supply chain, our cyber experts are supporting them to resolve the issue as quickly as possible," he said.

A spokesperson for Prime Minister Keir Starmer said on Tuesday there were currently no discussions about offering taxpayer help to JLR amid the production pause.

JLR's supply chain supports 104,000 jobs in the UK and sits at the top of a pyramid of suppliers, many of whom are highly dependent on the carmaker being their main customer.

The hack, which occurred more than two weeks ago, has forced the manufacturer to shut down its computer systems and close production lines worldwide.

The crisis is thought to have cost JLR at least £50m a week. A criminal investigation is under way.

There are growing concerns that many of JLR's suppliers, small and medium-sized firms, do not have the resources to cope with an extended interruption to business and subsequent losses.

[landy]

JLR could face disruption until November after hack
https://www.bbc.com/news/articles/czewlj57e24o
Theo Leggett Business correspondent

Jaguar Land Rover (JLR) has told suppliers that production at its factories will not resume until 24 September at the earliest following a serious cyber attack, but industry sources have warned disruption could last into November.

The hack, which occurred more than two weeks ago, forced JLR to shut down its IT networks and paralysed production. A criminal investigation is under way.

JLR has dismissed reports that the operational impact of the attack may continue for weeks or months as "speculation".

But concerns are growing about the impact of the stoppage on the carmaker's extensive supply chain, amid claims some companies could face bankruptcy without prompt financial support.

The shutdown is believed to be costing the company at least £50m a week in lost production. JLR would normally expect to build more than 1,000 cars a day.

The firm, which is owned by India's Tata Motors, has car plants in Solihull and Halewood, as well as an engine facility in Wolverhampton.

It also has large factories in Slovakia and China, as well as a smaller facility in India.

But all of the production lines have been at a standstill since 1 September when the hack first came to light.

Announcing the latest delay, JLR said: "We have taken this decision as our forensic investigation of the cyber incident continues and as we consider the different stages of the controlled restart of our global operations, which will take time.

"We are very sorry for the continued disruption this incident is causing and we will continue to update as the investigation progresses."

JLR initially appeared confident that the situation would be resolved quickly. However, it has since become clear that restarting production is not a simple process.

The company has admitted some data may have been viewed or stolen by third parties as a result of the cyber attack.

By 24 September, three and a half weeks of output will have been lost. Industry insiders say that even once the production lines have restarted, getting back to normal output is likely to take several weeks.

Among suppliers, many of whom are small and medium sized businesses, there is growing concern.

Several have told the BBC they simply do not have the financial resources to cope with an extended shutdown and industry experts have said bankruptcies are likely, unless some kind of support is provided.

Jason Richards, West Midlands regional officer at Unite the union, told the BBC: "We're already seeing employers having discussions on potential redundancies. People have to pay rent, they have to pay mortgages and if they're not getting any pay, what are they supposed to do?

"We need to have a supply chain into Jaguar Land Rover. I can't emphasise it enough [because] if they turn the tap on and they're expecting the supply chain to be waiting on the subs bench, they won't be there," he added.

[landy]

https://www.theguardian.com/business/20 ... curity-jlr

https://www.bbc.com/news/articles/c15kpxnn2p2o

https://news.sky.com/story/jaguar-land- ... s-13437655

[landy]

https://www.bbc.com/news/articles/cgl15 ... h_fl-25mDw


Government to guarantee £1.5bn JLR loan after cyber shutdown

Author,Rachel Clun
Role,business reporter, BBC News
27 September 2025

The government will underwrite a £1.5bn loan guarantee to Jaguar Land Rover (JLR) in a bid to support its suppliers as a cyber-attack continues to halt production at the car maker.

Business Secretary Peter Kyle said the loan, from a commercial bank, would protect jobs in the West Midlands, Merseyside and across the UK.

The manufacturer has been forced to suspend production for weeks after being targeted by hackers at the end of August.

There have been growing concerns some suppliers, mostly small businesses, could go bust due to the prolonged shutdown.

Advertisement

About 30,000 people are directly employed at the company's UK plants with about 100,000 working for firms in the supply chain. Some of these firms supply parts exclusively to JLR, while others sell components to other carmakers as well.

It is believed to be the first time that a company has received government help as a result of a cyber-attack.

It is hoped the loan will give suppliers some certainty as the shutdown continues, with production not expected to resume at JLR's UK facilities until 1 October at the earliest.

The government will underwrite the loan through the Export Development Guarantee (EDG), a financial support mechanism aimed at helping UK companies who sell overseas.

The loan will be paid back by JLR over five years, in an effort to boost the firm's cash reserves as it makes a "backlog of payments" to its suppliers.

No cars have been built this month, and the company has stopped placing orders with its 700 suppliers.

A parliamentary committee said some small suppliers had told them they had, at most, one week left before they ran out of cash.

The halt in operations is thought to be costing JLR itself at least £50m per week.

The manufacturer, owned by India's Tata Motors, typically builds about 1,000 cars a day at its three factories in Solihull and Wolverhampton in the West Midlands, and Halewood in Merseyside.

JLR restarts some IT systems after cyber-attack
JLR suppliers with 'days of cash' left
Kyle said the loan guarantee would help protect jobs in the West Midlands, Merseyside and elsewhere in the JLR supply chain.

"We are offering a £1.5bn credit facility to JLR with the explicit intention that that is to support the supply chain into JLR as well," he said.

"This is a big moment: this will offer an enormous resource for JLR and the supply chain to get through the immediate challenges that they face."

Chancellor Rachel Reeves said: "Today we are protecting thousands of those jobs with up to £1.5bn in additional private finance, helping them support their supply chain and protect a vital part of the British car industry."

Shadow business secretary Andrew Griffith welcomed the government's support but said it "took too long to get there" and called on Labour to form a cyber reinsurance scheme to protect British businesses from state-backed actors.

Liberal Democrat business spokesperson Sarah Olney also praised the move but said the government had been "too slow to act", adding it should also be prepared to provide a furlough scheme for affected workers if required.

Local MPs have supported the government move.

Sarah Coombes, Labour MP for West Bromwich said the crisis had "put thousands of jobs in the Black Country at risk".

"The government has listened to our manufacturing supply chain and taken strong action to protect jobs," she said on social media.

Conservative MP for Meriden and Solihull East Saqib Bhatti said the loan guarantee was necessary, but the government response had been slow.

"Do I think the government moved too slowly? 100%. They need to learn from this and be more nimble," he said on social media.

Union Unite, representing thousands at JLR and in the supply chain, described the government support as an "important first step".

"The money provided must now be used to ensure job guarantees and to also protect skills and pay in JLR and its supply chain," said general secretary Sharon Graham.

JLR was hit by a cyber-attack on 31 August. A group calling itself Scattered Lapsus$ Hunters has claimed responsibility for the hack.

It was also behind a number of high-profile attacks on retailers earlier this year, including Marks & Spencer and Co-op.

JLR workers have been told to stay home since 1 September, with no firm return date provided.

A JLR spokesperson said: "Our teams continue to work around the clock alongside cybersecurity specialists, the NCSC and law enforcement to ensure we restart in a safe and secure manner.

"The foundational work of our recovery programme is firmly under way, and we will continue to provide regular updates to our colleagues, retailers and suppliers."

[landy]

https://www.bbc.com/news/articles/cwydxpdgx61o