Jaguar Land Rover (JLR) is grappling with a severe crisis following a crippling cyberattack that has brought its global operations to a standstill, leaving customers in limbo and thousands of workers temporarily laid off. The attack, described as a major "cyber incident" by the company and an "IT security incidence" by its parent company Tata Motors, has not only halted production at its plants in the UK (Solihull, Halewood, Wolverhampton), Slovakia (Nitra), Brazil, and India, but has also rendered critical IT systems useless. This has impacted everything from performing diagnostic tests for vehicle servicing to accessing online spare parts catalogues and registering new vehicle sales, including during the crucial 'new plate day' for '75' registration plates.

The immediate fallout has been extensive. Factory staff at JLR's main assembly plants and engine manufacturing centre were told not to report to work, with production at the £1.04 billion Nitra plant in Slovakia, which employs around 5,000 people and produces the Land Rover Defender and Discovery, completely halted for several days. Hopes for a quick resolution have faded, as JLR bosses concede that restoring systems to operational status will take "a matter of weeks rather than days," with a "long tail of work" extending even further. Speculation suggests production could be impacted for "most of September" or even longer, with some company insiders fearing it could be even worse. Professor David Bailey of Birmingham University noted the "pretty catastrophic" nature of the cyberattack, estimating a hit to profits of "£5 million a day," warning that prolonged disruption could lead customers elsewhere.

The cyberattack has also resulted in confirmed data theft. While JLR initially stated there was "no evidence any customer data has been stolen," the company has since revealed that "some data has been affected" and is informing relevant regulators. The forensic investigation is ongoing, and JLR plans to contact individuals if their data has been impacted. A group called "Scattered Lapsus$ Hunters," affiliated with the hacker collective The Com and connected to "Scattered Spider" – a group linked to previous high-profile hacks on M&S, Harrods, and the Co-op – has claimed responsibility for the attack. Three teenagers and a woman were arrested in July in connection with these broader attacks, though JLR has not publicly identified those behind their specific incident.

The economic ramifications extend far beyond JLR itself, particularly impacting the West Midlands automotive sector, which is currently grappling with its worst crisis since the enforced shutdown due to the Covid pandemic. A number of companies reliant on JLR and its Indian owner, Tata Motors, have been forced to temporarily lay off workforces. Suppliers such as Evtec, WHS Plastics, SurTec, and OPmobility, which collectively employ over 6,000 UK workers, are among those affected. Raj Kandola, chief executive of the Birmingham Chambers of Commerce, underscored JLR's role as an "anchor institution" whose troubles ripple through extensive supply chains, affecting "many, many thousands of people."

JLR is working "around the clock" with third-party cybersecurity specialists and law enforcement to restart global applications in a controlled and safe manner. The company has apologised for the significant disruption caused to customers, partners, suppliers, and colleagues, while assuring that retail partners remain open and will continue to provide updates. Some dealers have managed to ease problems with workarounds using third-party technology, though a major recall would be challenging to execute without fully functional systems.

This cyber incident adds to a series of challenges JLR has navigated recently. Last year saw a global backlash over the rebrand of the Jaguar marque in November, which involved dropping its iconic badge and launching a teaser video focused on catwalk models rather than cars, aiming for younger, richer, and more urban customers. The move, intended to position JLR to compete with luxury brands like Bentley and Porsche with new electric vehicles set to launch next year, faced stern criticism, including from former US President Donald Trump, who labeled it "stupid," "seriously WOKE," and a "total disaster." The rebrand has been associated with operational setbacks, including up to 500 job cuts and a significant 97.5% decline in European sales, though this is partially attributed to a pause in production ahead of the electric lineup launch. Current CEO Adrian Mardell, whose departure in December after 35 years is reportedly unrelated to the rebranding controversy, will be replaced by PB Balaji, finance chief at Tata Motors.

Beyond branding, JLR also faced the threat of Trump's proposed 25 percent import taxes on cars and parts, a significant concern given the US is JLR's largest single market, accounting for around a quarter of its vehicles. This led to a temporary suspension of shipments to America. While a subsequent UK-US trade deal allowed 100,000 cars a year at a 10 percent tariff, this was still four times higher than the previous 2.5 percent rate. Despite these headwinds, JLR reported its best financial return in a decade in May, with a £2.5 billion pre-tax profit for the 12 months to March, driven by strong sales of the Slovakian-made Land Rover Defender. However, quarterly profits later dropped by a significant 49 percent in the wake of Trump’s protectionist strategy.

Amidst the gloom, there is a sliver of hope. The government has expressed its commitment to working closely with JLR and its suppliers, with the National Cyber Security Centre offering support. There is also potential for government financial assistance, akin to the £150 million provided to the automotive supply chain after the 2011 Fukushima disaster. Furthermore, some independent suppliers of Jaguar and Land Rover surplus stock, such as Sarah Hutchins in Bromsgrove, are ironically seeing increased business as mainstream dealers struggle to access parts due to the system failures, driving customers to alternative sources.