Jaguar Land Rover’s battle to recover from a devastating cyberattack could see its factories idle until November, according to suppliers briefed on the situation, raising fears of lasting damage to Britain’s largest carmaker and its supply chain.
The Tata Motors-owned manufacturer has already endured two weeks of halted production since hackers targeted its systems on 1 September, forcing it to shut down global operations and send thousands of workers home. The company admitted last week that “some data” may have been accessed, and has referred the incident to the Information Commissioner’s Office, fuelling concerns that customer details could be at risk.
Suppliers are now reported to have been warned that assembly lines may remain dark for another seven weeks. The Daily Telegraph cited one source who said November had been floated as a “guidance date which they think is sensible”, though stressed that even an earlier restart would take weeks before production returned to a normal run rate of around 1,000 vehicles a day.
Jaguar Land Rover denied issuing any official guidance to suppliers, insisting it was still working “around the clock” to restore its global IT systems in a “controlled and safe manner”.
The disruption has paralysed production at JLR’s Solihull and Halewood plants, its Wolverhampton engine facility and Castle Bromwich site. Thousands of staff remain on standby, with unions urging the government to consider a temporary furlough-style scheme to subsidise pay and protect livelihoods.
The longer the outage continues, the greater the strain on JLR’s fragile supply chain. Andy Palmer, former chief executive of Aston Martin, warned he “would not be at all surprised” if some suppliers face insolvency due to the sudden collapse in cashflow.
The crisis is the latest blow for the carmaker, which has faced headwinds from falling quarterly profits, shifting US tariffs and the challenge of financing its electric transition. Insiders say the immediate priority is restoring manufacturing capability without leaving systems vulnerable to further attack.
JLR has so far declined to clarify whether any customer data has been compromised. Initially it said there was “no evidence” of stolen information, but its subsequent disclosure to regulators suggests investigations are ongoing.
Even with systems back online, it may take weeks for production to stabilise, raising questions about whether the company can meet its output targets for the remainder of the year. For Britain’s wider automotive industry, the episode underscores both the risks of cyberattacks and the vulnerability of supply chains built on just-in-time production.
