Jaguar Land Rover cyber attack outage continues - systems unlikely to be online for another week

News
By published

Luxury automaker pushes system restart for another week

(Image credit: Jaguar Land Rover)
  • Jaguar Land Rover extends production pause following cyberattack
  • Attack was claimed by Scattered Lapsus$ Hunters cybercrime group
  • JLR is still investigating the incident and confirmed that some data was likely affected, while planning a gradual restart of global operations

Jaguar Land Rover (JLR) has decided to push its production pause for another week as it wrestles with the aftermath of the devastating recent cyberattack.

In late August, the luxury car manufacturer reported suffering a security incident that “severely disrupted” production and retail activities.

The attack forced it to shut down parts of its infrastructure to the point of having to halt entire productions and sending employees home across three plants in Solihull, Halewood and Wolverhampton.

Controlled restart

While initially the company believed the attackers did not steal any sensitive data, it later backtracked, saying that “some data” was likely affected. It did not discuss the type or nature of the stolen files, but a group calling itself “Scattered Lapsus$ Hunters” claimed responsibility for the attack.

The hacking collective, apparently made from the merger of three notorious cybercrime groups, was bragging about the attack on Telegram, sharing screenshots which seem to be from inside JLR’s IT infrastructure. They were also cracking jokes about the breach, asking “Where is my new car, Land Rover?” and similar.

The hackers shared a few screenshots as proof of their claims, which seem to be showing internal instructions for troubleshooting a car charging issue, as well as internal computer logs.

Now, in an updated statement, JLR said it “informed colleagues, suppliers and partners that we have extended the current pause in our production until Wednesday 24th September 2025.”

“We have taken this decision as our forensic investigation of the cyber incident continues, and as we consider the different stages of the controlled restart of our global operations, which will take time.”

Scattered Lapsus$ Hunters is currently one of the most active groups out there. Recently, Google confirmed that the criminals even managed to obtain an account at its sensitive law enforcement portal, which was quickly terminated.

Via BleepingComputer

You might also like

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.