Inside the US$2.5bil cyberattack that shut down Jaguar Land Rover


The breach occurred in late August 2025, just as JLR was preparing to roll out new vehicles to dealers worldwide. It forced the company to pull the plug on its computers, suspend the weekly production of 5,000 vehicles for five weeks, and tell thousands of factory employees to stay home. — Photo by ALBERLAN BARROS

The 2025 cyberattack that shut down British automaker Jaguar Land Rover (JLR) for five weeks – and ranks among the most financially damaging hacks in United Kingdom history – was carried out by Russian hackers, according to people familiar with the ongoing investigation.

The New York Times reported on June 26 that law enforcement and cybersecurity specialists from the UK and the United States have traced the security breach to Russia, not the “loose collective” of hackers that was the initial suspect.

The attack on Jaguar – and emerging questions about potential ties to the Kremlin – “raises the possibility that this was no typical ransom attack but an assault on the economic foundation of a sovereign state,” the newspaper said, noting that Russian officials are angry about Britain’s military support of Ukraine. “It played into longstanding fears that an adversarial state could remotely paralyse critical infrastructure, like an energy grid or key manufacturers, stoking chaos and causing economic damage.”

The breach occurred in late August 2025, just as JLR was preparing to roll out new vehicles to dealers worldwide. It forced the company to pull the plug on its computers, suspend the weekly production of 5,000 vehicles for five weeks, and tell thousands of factory employees to stay home.

JLR is one of the UK’s largest employers, with 34,000 workers. It also supports another 120,000 jobs throughout its supply chain.

The company reported a US$350mil (RM1.43bil) loss tied to the disruption in fiscal 2026.

The halt in manufacturing rippled throughout the country, affecting thousands of businesses and causing about US$2.5bil (RM10.23bil) in economic damage. The British government stepped in to provide the automaker with a £1.5bil (about US$2bil/RM8.18bil) support package.

The revelation that Russia may have been behind the cyberattack has sparked Members of Parliament to call for greater transparency about the investigation.

“These Russian attacks directly impact ordinary British people every day,” said Labour MP Graeme Downie. “We should tell them and protect them.”

Former armed forces minister Al Carns said the unusual nature of the cyberattack – the hackers did not attempt to extort money from Jaguar – should serve as a warning that Russia is meddling with British affairs. “There was no ransom demand,” Carns said. “They just wanted to see if they could do it.”

Jaguar reportedly didn’t find out who was behind the breach until it was alerted by Microsoft, which was tracking the Russian group. The hackers used novel ransomware with an encryption algorithm that one cybersecurity expert called “mind-blowing.”

Britain’s National Crime Agency declined to comment on the continuing investigation. “Some of the most high-profile cyberattacks against the UK are committed by criminals operating from within Russia,” said a spokesperson, “and some of the groups responsible have links to the Russian state.”

Britain’s defence secretary, Dan Jarvis, recently told a cyber conference in Scotland that “hostile states” are determined “to quietly hollow us out.”

“If this damage had been caused by an old-school, physical attack,” Jarvis said, “it would have been the equivalent of hundreds of masked criminals turning up to dealerships across the country breaking glass, smashing up computers, and driving cars right off the forecourt.” – Inc./TNS

Follow us on our official WhatsApp channel for breaking news alerts and key updates!

Others Also Read