The hack is likely to cost JLR hundreds of millions of pounds, and has caused turmoil across its sprawling supply chain \u2013 particularly in the West Midlands surrounding the company\u2019s headquarters in Gaydon and the Solihull factory, where it makes its money-spinner Range Rovers. With little hope of an imminent restart, the UK government is facing increasing calls for financial support for suppliers that fear going bust if the sudden revenue drought continues.<\/p>\n
Officials at the Department for Business an Trade are understood to be speaking to JLR daily, while the National Cyber Security Centre has been working with the company since last Wednesday to provide support in relation to the incident.<\/p>\n
Jaguar Land Rover\u2019s chief executive, Adrian Mardell, pictured with Keir Starmer, has oversee a turnaround strategy called \u2018reimagine\u2019. Photograph: Kirsty Wigglesworth\/AFP\/Getty Images<\/p>\n
Morale has \u2013 unsurprisingly \u2013 been badly hit across the workforce. Factory workers have been told not to return until at least Wednesday<\/a>, but several people close to JLR believe the wait could be longer still. Managers may have access to emails, but computer-aided design, engineering software and product life-cycle software was down this week. However, the company has put in workarounds to make payments and ship cars to customers, and has focused on keeping existing customers happy with a flow of spare parts.<\/p>\n The JLR chief executive, Adrian Mardell, had been planning a quiet few months before stepping down after three years at the top (and 35 years at the company). Instead, he and JLR, which is owned by India\u2019s Tata Group, have been plunged into weeks of scrambling to restart production. Mardell met the business and trade minister Chris Bryant last week to discuss the incident, and government officials are in daily contact for updates.<\/p>\n The hack will cast a shadow over Mardell\u2019s legacy. His task over three years in charge had been to oversee a turnaround strategy, called \u201creimagine\u201d, that involved selling fewer cars but at much higher prices. That resulted in 11 consecutive quarters of profits, despite Donald Trump\u2019s tariffs<\/a> and global instability prompted by Russia\u2019s full-scale invasion of Ukraine. Mardell had also decided to wait for the right moment<\/a> for a new electric Range Rover and the new Jaguar after a controversial rebrand<\/a> \u2013 with further delays now possible.<\/p>\n Outsourced cybersecurity<\/p>\n JLR has been owned since 2008<\/a> by Tata Group. The carmaker is not the only part of the sprawling conglomerate to have questions to answer after the hack: in 2023 JLR outsourced a huge part of its computer systems to Tata Consultancy Services (TCS). TCS is one of the biggest outsourcing companies in the world and makes the bulk of the dividends paid out to the Tata family\u2019s holding company.<\/p>\n TCS has been at the centre of the response to the hack that has crippled JLR, with a large number of employees scrambling to work out the source of the intrusion. TCS did not respond to requests for comment.<\/p>\n Under the five-year, \u00a3800m contract agreed in 2023, TCS and JLR planned to \u201crapidly transform, simplify, and manage its digital and IT estate, supporting its broader strategic business transformation\u201d. TCS runs large parts of JLR\u2019s key computer systems, ranging from its networks to data connections, and, crucially, its cybersecurity.<\/p>\n Part of the reimagine strategy required more flexible software to enable the luxury carmaker to produce Range Rovers in precisely the configuration demanded by the global rich paying \u00a3120,000 plus \u2013 all while retaining the efficiency of a high-volume factory.<\/p>\n \u201cI would argue that JLR\u2019s software is probably more complex than Nasa putting a spacecraft into space,\u201d said one supplier (with perhaps a touch of hyperbole). \u201cWhen it works it\u2019s a thing of wonder. This has exposed it.\u201d<\/p>\n One of TCS\u2019s jobs was to manage the upgrade of JLR factory systems to the latest software from the German company SAP. That software was vital to managing production of vehicles and getting parts to the right place at the right time, as well as the \u201chandshake\u201d systems that link to other suppliers. SAP declined to comment.<\/p>\n The hack will raise questions for TCS, which runs large parts of JLR\u2019s key computer systems. Photograph: imageBROKER.com\/Alamy<\/p>\n In a video with JLR published on TCS\u2019s website, the TCS president of manufacturing, Anupam Singhal, highlights \u201csmart factories where everything is connected\u201d to try to \u201cremove waste\u201d and use artificial intelligence to \u201cavoid plant downtime\u201d.<\/p>\n The fact that \u201ceverything is connected\u201d in JLR\u2019s systems appears to have become a vulnerability. When it discovered the intrusion, the carmaker was unable to isolate factories or functions, forcing it to shut down most of its systems.<\/p>\n The hack will raise questions for TCS, which also works with Marks & Spencer<\/a> and the Co-op<\/a>, two British retailers who suffered attacks this year. Reuters reported in May that TCS was the \u201cmeans of access\u201d for hackers to get into M&S\u2019s systems over the Easter weekend. TCS said in a June statement that \u201cno TCS systems or users were compromised\u201d.<\/p>\n The links with the JLR attack and the retail incidents have led to speculation that the hacks could have been carried out by the same group. The M&S and Co-op hacks have been blamed on an English-language speaking hacking community known as Scattered Spider. Four arrests have been made in the UK in relation to the M&S and Co-op hacks.<\/p>\n Soon after the JLR incident a channel on the Telegram platform<\/a> posted a screenshot of what appeared to be the carmaker\u2019s internal IT systems, as well as a news article about the attack. The channel\u2019s name was, pointedly, a combination of Scattered Spider and two other English-language-speaking, or western-based, hacking groups known as Lapsus$ and ShinyHunters.<\/p>\n M&S was a ransomware attack, a form of hack that effectively locks up a target\u2019s IT systems and is typically associated with groups based in former Soviet states. JLR has not confirmed the nature of the attack that has closed its factories.<\/p>\n One piece of circumstantial evidence was a person on the Telegram channel called Rey, who shared the same pseudonym as a member of Hellcat, the English-language speaking ransomware gang that claimed to have extracted data from JLR earlier this year.<\/p>\n skip past newsletter promotion<\/a><\/p>\n Sign up to Business Today<\/p>\n Get set for the working day \u2013 we’ll point you to all the business news and analysis you need every morning<\/p>\n Privacy Notice: Newsletters may contain information about charities, online ads, and content funded by outside parties. If you do not have an account, we will create a guest account for you on theguardian.com<\/a> to send you this newsletter. You can complete full registration at any time. For more information about how we use your data see our Privacy Policy<\/a>. We use Google reCaptcha to protect our website and the Google Privacy Policy<\/a> and Terms of Service<\/a> apply.<\/p>\n after newsletter promotion<\/p>\n However, the channel, a messy affair with more than 50,000 followers, has since closed down. One law enforcement source advised caution against taking anything from the channel at face value.<\/p>\n JLR declined to discuss details of the hack.<\/p>\n Supply chain pressure<\/p>\n JLR has access to about \u00a36bn in cash, likely enough resources to cope with the crisis even without the help of its huge parent conglomerate, Tata.<\/p>\n Jim Williamson of the bond rating agency CreditSights estimated that JLR could burn through as much as \u00a3900m of cash in September, with a \u00a31.7bn decline in working capital \u2013 although it could probably recoup a big chunk of that through catchup sales. Williamson added that JLR had \u201cplenty of options\u201d if it needed short-term cash, including issuing new debt, borrowing from banks, or event the government\u2019s UK Export Finance to save the day.<\/p>\n But for some companies in the supply chain the problems may be existential.<\/p>\n JLR has set up a help desk for suppliers. Yet some believe the government needs to step in. JLR has not asked for state support for itself, but is trying to share information on the extent of its supply chain, which may include more than 700 companies making the 30,000 parts that can make up a luxury car.<\/p>\n JLR\u2019s supply chain may include more than 700 companies making the 30,000 parts in a luxury car. Photograph: Matt Crossick\/Alamy<\/p>\n \u201cIt would be irresponsible if the government didn\u2019t do something if they\u2019re committed to the automotive sector,\u201d said one supplier. \u201cGovernment need to move quickly.\u201d<\/p>\n For supply chain workers, every day without production raises the threat<\/a> to their jobs. The Aim-listed insulation supplier Autins Group and the German seat controls manufacturer Brose said workers would be paid for \u201cbanked\u201d hours to be worked later on, while the axel maker Dana, the seat maker Lear Corporation and the sunroof maker Webasto were among the other companies where temporary or permanent workers\u2019 jobs were at risk.<\/p>\n The Unite union said the government needed to step in with a furlough scheme to pay wages of factory worker members unable to work, amid concern for the fate of the supply chain.<\/p>\n The industry minister Chris McDonald said on Friday JLR was \u201ctaking the lead on support for their own supply chain\u201d. A government source did not rule out some form of support \u2013 although a furlough scheme is thought to be unlikely. The government is focusing on working out if supplier collapses could hold up a restart.<\/p>\n Meanwhile many people in JLR are still in \u201cinvestigation mode\u201d, according to one person close to the company \u2013 while others try to rebuild systems in parallel. Several people said the company genuinely did not know when it would be able to restart.<\/p>\n Even when JLR manages to recover its computer systems, the restart will be complicated by more than a thousand cars on lines in various stages of build. JLR will either have to make individual plans for the parts needed for each vehicle on the production lines, or manually move the vehicles off the lines and then try to put them back into the system.<\/p>\n \u201cDoes it feel like it\u2019s going to be months?\u201d a supplier said. \u201cMaybe. Is it weeks? Absolutely.\u201d<\/p>\n Quick GuideContact us about this storyShow The best public interest journalism relies on first-hand accounts from people in the know.<\/p>\n If you have something to share on this subject, you can contact us confidentially using the following methods.<\/p>\n Secure Messaging in the Guardian app<\/p>\n The Guardian app has a tool to send tips about stories. Messages are end to end encrypted and concealed within the routine activity that every Guardian mobile app performs. This prevents an observer from knowing that you are communicating with us at all, let alone what is being said.<\/p>\n If you don’t already have the Guardian app, download it (iOS<\/a>\/Android<\/a>) and go to the menu. Select \u2018Secure Messaging\u2019. <\/p>\n SecureDrop, instant messengers, email, telephone and post<\/p>\n If you can safely use the Tor network without being observed or monitored, you can send messages and documents to the Guardian via our SecureDrop platform<\/a>.<\/p>\n![\"\"](\"https:\/\/www.newsbeep.com\/uk\/wp-content\/uploads\/2025\/09\/1758364930_999_4000.jpg\")
<\/p>\n