The attack on Jaguar Land Rover costs the UK economy $2.5B, marking its most damaging cyber incident, says CMC.
In early September, Jaguar Land Rover shut down systems to mitigate a cyberattack that disrupted production and retail operations. The attack also impacted systems at the Solihull production plant.
UK dealers reported JLR disruptions blocking car registrations and parts supply.
The company initially said customer data was not compromised.
“JLR has been impacted by a cyber incident. We took immediate action to mitigate its impact by proactively shutting down our systems. We are now working at pace to restart our global applications in a controlled manner.” reads the statement published by the automaker. “At this stage there is no evidence any customer data has been stolen but our retail and production activities have been severely disrupt”
The automaker did not disclose technical details about the incident; however, the group “Scattered Lapsus$ Hunters,” behind recent UK retail cyberattacks, claimed responsibility for the JLR attack.
Jaguar Land Rover (JLR) is a British luxury vehicle manufacturer headquartered in Whitley, Coventry, UK. JLR combines two iconic brands, Jaguar and Land Rover. Since 2008, JLR has been owned by Tata Motors (India), which bought it from Ford. JLR sells vehicles in over 120 countries, with major markets in Europe, North America, and China.
In mid-September, JLR confirmed that the cyberattack also led to a data breach without disclosing details about the type of information that had been compromised.
Now the Cyber Monitoring Centre estimated that the cyberattack on Jaguar Land Rover that halted production for over a month cost the UK economy an estimated £1.9 billion ($2.5 billion).
Cyber Monitoring Centre (CMC) states that the attack is “the most economically damaging cyber event” ever impacted the United Kingdom.
The Cyber Monitoring Centre rated the Jaguar Land Rover cyberattack as a Category 3 systemic event, it impacted over 5,000 firms.
“The CMC model estimates the event caused a UK financial impact of £1.9 billion and affected over 5,000 UK organisations. The modelled range of loss is £1.6 billion to £2.1 billion but this could be higher if operational technology has been significantly impacted or there are unexpected delays in bringing production back to pre-event levels.” reads the CMC’s report. “This estimate reflects the substantial disruption to JLR’s manufacturing, to its multi-tier manufacturing supply chain, and to downstream organisations including dealerships”
The JLR cyberattack qualifies as a Category 3 event, causing £1–5B in UK losses and affecting over 2,700 firms. Unlike WannaCry or CrowdStrike, it hit one main victim but spread economically through supply chains. The incident also impacted workers, prompting pay cuts, layoffs, and heightened job insecurity across the automotive sector.
The CMC estimates the cyberattack caused £1.9B in losses (range £1.6B–£2.1B), mainly from halted production and supply chain disruption. Vehicle output fell by 5,000 per week for five weeks, costing £108M weekly. Recovery to full production is expected by early January 2026. Losses also include IT rebuild, supplier strain, and reduced sales. No ransom or data breach losses were counted.
“This event demonstrates how a cyber attack on a single manufacturer can reverberate across regions and industries, from suppliers to transport and retail, and underscores the strategic importance of cyber resilience in the UK’s industrial base.” concludes the report.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Jaguar Land Rover)
