Russian hackers were behind the cyberattack that brought Jaguar Land Rover’s operations to a standstill in 2025, according to a new report citing people familiar with the investigation. The incident is now considered one of the most damaging cyberattacks ever to hit a British company.
The attack began in late August 2025 and forced Jaguar Land Rover (JLR) to shut down critical IT systems, disrupting manufacturing, dealerships, repair operations, and parts of its supply chain. Production at several facilities remained halted for weeks as investigators worked to contain the breach and restore operations.
According to the report, the attack resulted in an estimated £681 million in direct losses for JLR. The broader impact extended well beyond the automaker, affecting suppliers across the United Kingdom and contributing to slower-than-expected economic growth. The UK government ultimately provided £1.5 billion in support to help stabilize the company and its supply chain following the disruption.
While officials have not publicly identified the specific group responsible, investigators reportedly concluded that Russian hackers carried out the operation. It remains unclear whether the attackers acted on behalf of the Russian government, with official backing, or independently while operating from Russian territory.
The cyberattack has been described by the UK’s Cyber Monitoring Centre as one of the country’s most significant cyber incidents to date because of its cascading economic effects. Thousands of workers throughout the automotive supply chain were affected as factories suspended production and suppliers struggled with reduced demand.
Cybersecurity experts say the incident illustrates how attacks against a single manufacturer can rapidly spread through interconnected supply chains. Modern automotive production depends on tightly synchronized logistics, meaning even a brief interruption to one company can ripple across hundreds of suppliers and manufacturing partners.
The JLR attack also reflects a broader trend of cybercriminals and state-linked actors targeting major industrial organizations whose operations cannot tolerate prolonged downtime. Manufacturing companies increasingly face pressure to restore systems quickly, making them attractive targets for ransomware and disruptive cyber campaigns.
Although many details of the investigation remain confidential, the findings underscore growing concerns about cyber threats targeting critical industries and the potentially severe economic consequences of successful attacks against major manufacturers.
