For almost three weeks, the production lines at global car giant Jaguar Land Rover have stood still. Usually busy turning out an estimated 1,000 vehicles per day, staff at multiple JLR factories across Britain have been told to stay at home as the automotive firm responds to a damaging cyberattack. But as its recovery has stretched from days to weeks, the knock-on impacts are being felt at the hundreds of companies that supply JLR with parts and materials and risk turning the attack into a full-blown crisis.
On Friday, the UK government admitted that the cyberattack against JLR was having a “significant impact” on the company and on the “wider automotive supply chain.” The concession came as unions and officials have increasingly warned that thousands of jobs in JLR’s sprawling supply chain could be lost, and some smaller companies could go bankrupt. Reports claim JLR itself may be losing up to £50 million ($67 million) per week in the shutdown. Some firms have reportedly already laid off staff, with the Unite union claiming that workers in the JLR supply chain “are being laid off with reduced or zero pay.” Some have been told to “sign up” for government benefits, the union claims.
“It seems unprecedented in the UK to have that level of disruption because of a cyberattack or ransomware attack,” says Jamie MacColl, a senior research fellow in the cyber and tech research group at the security and defence think tank RUSI. That thousands of jobs could be put at risk, either temporarily or permanently, is “a different order of magnitude” to previous incidents, MacColl says.
JLR, which is owned by India’s Tata Motors, is one of the UK’s biggest employers, with around 32,800 people directly employed in the country. Stats on the company’s website also claim it supports another 104,000 jobs through its UK supply chain and another 62,900 jobs “through wage-induced spending.” Many other suppliers are also based outside of the UK, as well as some overseas factories.
At the start of September, JLR confirmed it had been “impacted” by a cyberattack and that the company was taking “immediate action” and “proactively shutting down our systems,” effectively grinding its factories and production processes to a halt. As the company investigated the attack, it revealed that “some data” has been “affected” but did not specify what that data is.
Despite efforts to get systems back online, the company confirmed on Wednesday that its “pause” in production has been extended to Wednesday, September 24. “We have taken this decision as our forensic investigation of the cyber incident continues, and as we consider the different stages of the controlled restart of our global operations, which will take time,” JLR said in a statement on Wednesday. “We are very sorry for the continued disruption this incident is causing and we will continue to update as the investigation progresses.”
JLR did not respond to questions from WIRED about what systems were disrupted, the financial cost of the cyberattack to suppliers, nor any measures the company was looking at to support businesses.