Jaguar Land Rover further extended its cyber attack-induced production halt to October, with the shutdown following the Aug. 31 attack, while government ministers visit and supply chain workers lose wages. The company is working to restore operations as quickly as possible, but the disruption highlights the vulnerability of complex supply chains to cyber threats.
“Today we have informed colleagues, suppliers and partners that we have extended the current pause in production until Wednesday 1 October 2025, following the cyber incident,’ Jaguar Land Rover said in its Tuesday statement. “We have made this decision to give clarity for the coming week as we build the timeline for the phased restart of our operations and continue our investigation.”
The company said that its teams continue to work around the clock alongside cybersecurity specialists, the NCSC and law enforcement to ensure we restart safely and securely.
“Our focus remains on supporting our customers, suppliers, colleagues, and our retailers, who remain open,” the statement added. “We fully recognise this is a difficult time for all connected with JLR and we thank everyone for their continued support and patience.”
Sources have previously told the BBC the disruption could last into November.
Chris McDonald, the U.K.’s industry minister, said he was visiting Jaguar Land Rover alongside Peter Kyle, Business Secretary, to ‘host companies in the supply chain, to listen to workers and hear how we can support them and help get production back online.’
“We are acutely aware of the difficulties the stoppage is causing for those suppliers and their staff, many of whom are already taking a financial hit through no fault of their own.”
The U.K. government has been actively addressing the incident, which has also disrupted the wider automotive supply chain.
“The Government, including government cyber experts, are in contact with the company to support the task of restoring production operations, and are working closely with JLR to understand any impacts on the supply chain,” according to a Friday joint statement from the Department for Business and Trade (DBT) and the Society of Motor Manufacturers and Traders, following a meeting. “On Friday, 19 September, the Society of Motor Manufacturers and Traders (SMMT) held an extraordinary meeting of its Automotive Components Section, which was attended by Department for Business and Trade (DBT) officials.”
The statement added that ‘this allowed us to listen to suppliers directly and understand the challenges and concerns they are facing.’
This comes as another automaker, Stellantis, confirmed detecting unauthorized access to a third-party service provider’s platform supporting its North American customer service operations. “Upon discovery, we immediately activated our incident response protocols, initiated a comprehensive investigation, and took prompt action to contain and mitigate the situation. We are also notifying the appropriate authorities and directly informing affected customers.”
At Stellantis, safeguarding “our customers’ data and upholding their trust are our highest priorities. The personal information involved was limited to contact information. Importantly, the affected platform does not store financial or sensitive personal information, and none was accessed.”
The statement encouraged customers to remain vigilant against potential phishing attempts and avoid clicking on suspicious links or sharing personal information in response to unexpected emails, texts, or calls. “Customers with questions or who wish to verify communications should contact Stellantis directly through official channels.”
Commenting on the Stellantis attack, Piyush Sharma, CEO and co-founder of Tuskira, wrote in an emailed statement that “What stands out in the Stellantis breach is that the attackers didn’t need a new zero-day. They targeted third-party integrations and tokens that open doors across entire enterprise systems. Once a group like ShinyHunters finds a foothold that works, they run it at scale until someone forces them to stop. This is part of a systemic pattern we’re seeing across Salesforce environments.”
“The big concern here is that the trust we hand off between SaaS platforms, identity providers, and even security tools has become the real attack surface,” Sharma added. “Defending against that means testing how that trust could be abused and cutting off the paths before attackers get there. If you respond for the first time after the data has already been stolen, you’re already behind.”
Last week, Bridgestone Americas reestablished connections between its facilities and the central computer network after a cyberattack earlier this month disrupted production. The company, a subsidiary of Japan-based Bridgestone Corp., said the incident halted operations at several manufacturing and retreading plants in North and South America. Production is now ramping back up at the affected sites as Bridgestone works to restore output to pre-attack levels.
