The recent cyberattack on Jaguar Land Rover (JLR) is a sobering reminder that today’s cyberthreat environment is constantly evolving. Even global brands can fall prey to devastating attacks once criminals gain access to their systems. When it comes to business continuity, a successful attack can cause as much disruption as a natural disaster.
So what happened here? How can manufacturers prevent similar cyberattacks?
How can they implement proper disaster recovery plans?
We’ll cover all that and more.
Key takeaways:
- Jaguar Land Rover experienced a devastating cyberattack in August 2025 that forced the company to shut down operations.
- Cyber criminals most likely used social engineering and vishing to execute the initial breach of systems.
- Manufacturers in all verticals should establish layered cybersecurity defenses to prevent this type of attack.
What happened in the Jaguar cyberattack?
In late August 2025, a cyberattack on Jaguar Land Rover (JLR) severely disrupted the company’s manufacturing and retail operations, leading to a global production shutdown. The attack was claimed by a hacker group known as Scattered Lapsus$ Hunters, a collective linked to previous breaches at other companies. The incident forced JLR to proactively shut down its systems to contain the damage.
How did the criminals launch the attack?
The hackers gained access to JLR’s manufacturing IT systems, most likely through a sophisticated vishing campaign. The criminal group, which includes elements of the Scattered Spider, Lapsus$, and ShinyHunters collectives, is known for using social engineering tactics to breach systems and obtain access.
Unfortunately, this attack vector is often effective in manufacturing, where operational technology (OT) often integrates with traditional IT systems. This creates a complex environment with many potential vulnerabilities requiring constant monitoring and management.
How did the attack affect Jaguar’s operations?
This was a devastating cyberattack that forced Jaguar to shut down production and sales activities. The effects of the attack also rippled out into the broader supply chain in the auto industry.
Here are the detailed repercussions of the breach.
- Production halt: JLR was forced to stop manufacturing at its global manufacturing sites, including its main UK factories. JLR announced the initial shutdown on September 1, then extended the pause until at least September 24 as a forensic investigation and system rebuild continued.
- Financial losses: The production halt is estimated to have cost JLR millions of pounds per week, with some sources reporting losses of up to £50 million weekly.
- Supply chain fallout: The disruption had a ripple effect across the automotive supply chain, with thousands of workers at suppliers affected and some smaller companies facing bankruptcy.
- Data breach: While JLR initially stated there was no evidence of customer data theft, they later confirmed that some company data had been affected. This included the potential compromise of internal systems, though the full scope was still under investigation.
- Hacker activity: Scattered Lapsus$ Hunters reportedly targeted JLR during a key sales period, possibly leveraging a known vulnerability through social engineering. The group also used a public Telegram channel to boast about the attack and issue threats against other companies.
How can organizations prevent similar attacks?
Unfortunately, JLR isn’t the only manufacturer that’s vulnerable to cyberattacks. This incident highlights the need for a multi-layered, proactive cybersecurity strategy with robust toolsets and continuous monitoring by human experts.
While that might sound intimidating, this level of security is actually quite attainable. Manufacturers in all verticals can take seven steps to prevent similar attacks.
1. Strengthen access controls and authentication
- Adopt strong passwords and MFA. Enforce strict password policies and require multi-factor authentication (MFA) for all users, particularly for accounts with privileged access.
- Implement least privilege. Restrict user access to only the data and systems necessary for their job functions. This limits a hacker’s ability to move laterally across the network after an initial breach.
2. Prioritize employee training and awareness
- Conduct regular training. Educate employees on how to recognize and report common cyber threats like phishing, which is a major entry point for attackers.
- Run phishing simulations. Test and reinforce employee vigilance with simulated phishing exercises.
3. Maintain updated systems and software
- Patch vulnerabilities promptly. Keep all operating systems and software updated with the latest security patches. This fixes known vulnerabilities before attackers can exploit them.
- Automate patch management. Use a patch management system to ensure updates are deployed consistently and in a timely manner.
4. Secure networks and endpoints
- Use firewalls. Deploy firewalls to control network traffic and block unauthorized access.
- Encrypt data. Encrypt all sensitive data, both in transit and at rest, to make it unreadable to unauthorized parties.
- Implement endpoint protection. Install and maintain antivirus and anti-malware software on all devices.
5. Manage third-party vendor risk
Assess the cybersecurity posture of all third-party vendors and ensure they meet your security standards. Attackers can exploit vulnerabilities in a supplier’s network to access your own systems.
6. Prepare comprehensive plans for incident response and disaster recovery
- Create a detailed plan. Establish a clear, documented plan outlining the steps to be taken in case of a breach. This ensures a coordinated and rapid response.
- Conduct data backups. Regularly back up all critical data and store it securely, preferably following the 3-2-1 rule (three copies, two different media, one off-site).
- Implement a “killswitch.” Have a plan to quickly shut down affected systems to contain the spread of an attack.
7. Continuously monitor and audit
- Employ network monitoring. Use tools to continuously monitor your network for suspicious activity.
- Perform regular audits. Conduct security audits and vulnerability assessments to proactively identify weaknesses in your security defenses.
What if an organization doesn’t have cybersecurity staff?
If you don’t have cybersecurity experts on staff, you’re not alone. Even large manufacturers struggle to cover all their needs with staff hiring.
This is where an MSSP (managed security services provider) comes in. An MSSP provides the guidance, processes, tools, and human experts to make your cybersecurity strategy a reality.
An MSSP like Corsica Technologies is more affordable than you might think. Most organizations pay roughly the cost of one staff hire—while gaining access to an entire team of experts as well as established tools and processes.
Use our FREE MSSP Pricing Calculator to estimate your cost.
The takeaway: Get the layered protection you need
The world of cyberattacks is constantly evolving, but you don’t have to fall prey to devastation. The key is layered defenses and an affordable cost structure. Here at Corsica Technologies, we’ve helped 1,000+ clients achieve their business goals through technology. Contact us today, and let’s get started on the next phase in your journey.
Ready to improve your cybersecurity?
Reach out to schedule a consultation with our security specialists.
