Jaguar Land Rover extends shutdown after cyberattack by another week

Jaguar Land Rover (JLR) announced today that it will extend the production shutdown for another week, following a devastating cyberattack that impacted its systems at the end of August. JRL is a standalone entity under Tata Motors India, following its acquisition from Ford in 2008. JLR employs approximately 39,000 people, makes more than 400,000 vehicles each year, and has reported an annual revenue of over $38 billion (£29 billion). The British automaker has been working to resume operations since it disclosed the attack on September 2, stating that its production had been significantly disrupted. Last week, JLR also confirmed that the attackers stole "some data" during the breach and instructed staff not to report to work. Earlier today, the automotive giant announced that it's still working to restart its operations and that production will not resume until next week. "Today we have informed colleagues, suppliers and partners that we have extended the current pause in our production until Wednesday 24th September 2025," JLR said. "We have taken this decision as our forensic investigation of the cyber incident continues, and as we consider the different stages of the controlled restart of our global operations, which will take time." JLR has yet to reply to a request for comment from BleepingComputer regarding the incident and its potential impact on customers. While the automaker confirmed the threat actors stole information from its network, it has yet to attribute the breach to a specific cybercrime group, and no known ransomware operation has taken responsibility for the attack. However, a group of cybercriminals identifying as "Scattered Lapsus$ Hunters" has taken responsibility for the cyberattack, posting screenshots of an internal JLR SAP system on a Telegram channel and stating that they've also deployed ransomware on the company's compromised systems. This cybercrime group claims to consist of cybercriminals associated with the Scattered Spider, Lapsus$, and ShinyHunters extortion groups. Scattered Lapsus$ Hunters also claimed responsibility for recent Salesforce data theft attacks. In these attacks, they used social engineering and compromised Salesloft Drift OAuth tokens to steal data from numerous high-profile companies, including Google, Cloudflare, Palo Alto Networks, Tenable, Proofpoint, and many others.