On 31st August 2025, Jaguar Land Rover (JLR), one of Britain’s most iconic automotive manufacturers, was struck by a crippling cyber-attack that forced an immediate halt to production across its UK facilities.
The incident, described by MP Liam Byrne as a ‘digital siege’, has since spiralled into a full-blown supply chain crisis, threatening thousands of jobs and exposing vulnerabilities in the nation’s industrial backbone.
The attack, believed to be a coordinated effort by cybercrime groups Scattered Spider, Lapsus$, and ShinyHunters, targeted JLR’s production systems, rendering them inoperable.
By 1st September, operations were suspended, and by 22nd September 2025, the shutdown had extended to three weeks, with staff instructed to stay home.
A forensic investigation is ongoing, and JLR has delayed its restart timeline until 1st October 2025.
The toll
The financial toll is staggering. Estimates suggest the company is losing £50 million per week. With no cyber insurance in place, JLR has been left scrambling to stabilise its operations and reassure its extensive supplier network—comprising over 120,000 jobs, many in small and medium-sized enterprises.
In response, the UK government has stepped in with a £1.5 billion loan guarantee, backed by the Export Development Guarantee scheme.
This emergency support aims to shore up JLR’s cash reserves, protect skilled jobs in the West Midlands and Merseyside, and prevent collapse among its suppliers.
Business Secretary Peter Kyle and Chancellor Rachel Reeves have both emphasised the strategic importance of JLR to Britain’s economy, calling the intervention a ‘decisive action’ to safeguard the automotive sector.
The cyber attack has also prompted broader questions about industrial cybersecurity, insurance preparedness, and the resilience of supply chains in the face of digital threats.
Unions have urged the government to ensure the loan translates into job guarantees and fair pay, while cybersecurity experts have called the scale of disruption ‘unprecedented’ for a UK-based manufacturer.
🔐 Ten Major Cyber Attacks of 2025
| # | Target | Date | Impact |
|---|---|---|---|
| 1️⃣ | UNFI (United Natural Foods Inc.) | June | Disrupted food supply chains across North America; automated ordering systems collapsed. |
| 2️⃣ | Bank Sepah (Iran) | March | 42 million customer records stolen; hackers demanded $42M in Bitcoin ransom. |
| 3️⃣ | TeleMessage (US Gov Messaging App) | May | Metadata of officials exposed, including FEMA and CBP; triggered national security alerts. |
| 4️⃣ | Marks & Spencer (UK) | April–May | Ransomware attack led to 46-day online outage; £300M profit warning. |
| 5️⃣ | Co-op (UK) | May | In-store systems crashed; manual tills and supply chain breakdowns across 2,300 stores. |
| 6️⃣ | Mailchimp & HubSpot | April | Credential theft and phishing campaigns; fake invoices sent to thousands. |
| 7️⃣ | Hertz | April | Global breach with unclear UK impact; customer data compromised. |
| 8️⃣ | Anonymous Data Leak | January | 18.8 million records exposed; no company claimed responsibility. |
| 9️⃣ | Microsoft SharePoint Servers | Ongoing | Exploited by China-linked threat actors; widespread “ToolShell” compromises. |
| 🔟 | Ingram Micro (IT Distributor) | July | Ransomware attack by SafePay group; disrupted global tech supply chains. |
As JLR works with law enforcement and cybersecurity specialists to restore operations, the incident stands as a stark reminder: in the digital age, even the most storied brands are vulnerable to invisible adversaries.
Other prominent recent major cyber attacks
| # | Attack Name | Target | Impact |
|---|---|---|---|
| 1️⃣ | Change Healthcare Ransomware | U.S. healthcare system | Disrupted nationwide medical services; $22M ransom paid3 |
| 2️⃣ | Snowflake Data Breach | AT&T, Ticketmaster, Santander | 630M+ records stolen; MFA failures exploited3 |
| 3️⃣ | Salt Typhoon & Volt Typhoon | U.S. telecom & infrastructure | Espionage targeting political figures & critical systems3 |
| 4️⃣ | CrowdStrike-Microsoft Outage | Global IT services | Massive disruption due to botched update |
| 5️⃣ | Synnovis-NHS Ransomware | UK healthcare labs | Halted blood testing across London hospitals |
| 6️⃣ | Ascension Ransomware Attack | U.S. hospital chain | Patient care delays; data exfiltration |
| 7️⃣ | MediSecure Breach | Australian e-prescription provider | Sensitive medical data leaked |
| 8️⃣ | Ivanti Zero-Day Exploits | Global VPN users | Nation-state actors exploited vulnerabilities |
| 9️⃣ | TfL Cyber Attack | Transport for London | Internal systems disrupted; public services affected |
| 🔟 | Internet Archive Attack | Digital preservation site | Attempted deletion of historical records |