Cyberattack Drains £196m From JLR’s Quarterly Results

In its financial report for the period from July 1 to September 30, Jaguar Land Rover revealed that the cyberattack it encountered earlier this year led to expenses of £196 million during the quarter.

 

In early September, JLR, the British luxury car manufacturer owned by India’s Tata Motors, suffered a significant cyber attack that forced the company to shut down multiple critical systems, including those at its UK factories such as the Solihull plant.

 

This shutdown caused major disruption to production and retail operations, with factory staff told to stay home for several weeks and UK dealers unable to register new vehicles or supply parts, directly impacting revenue.

 

The cyberattack on Jaguar Land Rover had a significant financial impact, with independent experts estimating the cost to JLR and the UK economy at around £1.9 billion ($2.5 billion). The disruption affected over 5,000 UK organisations, including suppliers and dealerships, making it one of the most damaging cyber events in UK history.

 

The UK government issued a £1.5 billion loan guarantee under the Export Development Guarantee scheme to help JLR rebuild its supply chain. JLR began gradually restoring production in October across key UK sites and its Slovakia facility.

 

JLR has recently published its Q2 FY26 financial results, which confirm that the cyber attack had a significant impact on the company’s profits.

 

“Revenue for Q2 was £4.9bn, down 24% year‑on‑year (YoY), while H1 revenue was £11.5bn, down 16% YoY. Revenue was impacted by the production stoppages JLR initiated in September following the cyber incident and the planned wind down of legacy Jaguar model.

 

“EBIT margin was (8.6)% for the second quarter, down from 5.1% a year ago, and (1.4)% for H1, down from 7.1% in H1 last year. This decrease in profitability is largely due to the cyber incident, the continuing impact of US tariffs, reduced volumes as referenced above and increased VME. Exceptional items of £238m in the quarter reflect costs of £196m relating to the cyber incident and voluntary redundancy programme costs of £42m,” the company said.

 

The Scattered Lapsus$ Hunters group claimed the attack, allegedly using stolen JIRA credentials obtained through long-running phishing and malware campaigns. They exfiltrated up to 350GB of sensitive data, though JLR says there’s no evidence customer data was affected.