Jaguar Land Rover cyber attack costs firm £485m in the quarter
Jaguar Land Rover’s quarterly financial statement discloses £485m in revenue lost to the late August cyber attack that halted production for six weeks, damaging the UK economy
Jaguar Land Rover (JLR) has paid a heavy price for the cyber attack it suffered in August, reporting a revenue loss of £485m for the three months ending 30 September. In the same period in 2024, it reported a profit of £398m.
The attack caused the car maker to shut down its factories for around six weeks. Production is now back to normal, having begun to resume at the beginning of October, around the same time as the government announced it would back the company with a £1.5bn loan guarantee to support its supply chain.
The Cyber Monitoring Centre (CMC) said on 22 October it believed the wider economic cost of the attack to be £1.5bn up to that point, describing the attack as a Category 3 Systemic Event on its “hurricane” scale.
JLR today reported quarterly revenue of £4.9bn, down 24% year on year. It had been, it said, a “challenging” quarter. The cyber attack compelled the company to restart the IT systems used to wholesale vehicles and its Global Parts Logistics Centre. It also had to fast‑track the introduction of a supplier financing scheme to provide suppliers with cash. The almost £500m loss was partly due to cyber-related costs totalling £196m, the company said.
JLR CEO Adrian Mardell said: “JLR has made strong progress in recovering its operations safely and at pace following the cyber incident. In our response, we prioritised client, retailer and supplier systems, and I am pleased to confirm that production of all our luxury brands has resumed.”
The company reported its results just as the Office for National Statistics reported that the UK economy grew a mere 0.1% in the third quarter of 2025, down from 0.3% in the second quarter.
JLR was helped by the National Cyber Security Centre (NCSC) during the attack and in its aftermath. So far, neither the car maker nor the NCSC has disclosed who was responsible for the attack.
Cyber security threat analysis firm Cyfirma has identified the Scattered Spider Lapsus$ Hunters group as the likely attacker.
Cyfirma’s report noted that a Telegram channel calling itself Scattered Lapsus$ Hunters claimed responsibility for Jaguar Land Rover’s cyber security incident in the early days, sharing a screenshot of Jaguar Land Rover’s internal IT systems.
The channel’s name merges three English-speaking hacker collectives: Scattered Spider, Lapsus$ and ShinyHunters.
The firm also noted that ShinyHunters Collective has previously been linked to cyber attacks on UK retailers.
“Researchers, media outlets and our own assessment indicate with medium confidence that the group ShinHhunters [sic] Collective may be responsible,” it said.
Meanwhile, the government’s Business and Trade Committee wrote to Tata Consultancy Services in late September seeking answers over possible links to the attack on JLR. Its chair, Liam Byrne MP, wrote to TCS CEO Krithi Krithivasan to seek information about the JLR cyber attack and other cyber incidents at Marks and Spencer (M&S) and Co-op Group.
TCS was briefly linked to the Scattered Spider attack on M&S earlier this year. The Financial Times and the BBC separately reported, in May 2025, that the Indian IT services firm was conducting an internal investigation to find out whether it was the entry point for the cyber attack on M&S. JLR is coincidentally backed by the wider Tata organisation.
