Jaguar Land Rover cyber attack: workers told to apply for Universal Credit says union
Unite claims staff are being laid off with "reduced or zero pay" following the attack, which occurred almost three weeks ago
After a cyber attack on 31 August forced Jaguar Land Rover (JLR) to shut down its IT networks and halt production, workers across the company's supply chain are being told to apply for Universal Credit, a union has claimed.
According to Unite, certain staff have been laid off with "reduced or zero pay" due to the hack, while there are growing concerns that these suppliers may not have the resources to handle an extended business interruption and the resulting financial losses.
JLR has not commented on Unite's claims, although the company previously stated that production would potentially restart by September 24. However, some sources suggest that the disruption could continue until November or beyond.
The union has also called on UK leaders to implement a furlough scheme, similar to the one created by the Scottish government for the bus manufacturer Alexander Dennis.
JLR’s supply chain is believed to support around 104,000 jobs in the UK, and includes many small and medium-sized businesses that are highly dependent on the car maker.
The embattled firm, which typically produces about 1,000 cars a day at its three UK factories, has told many of its 33,000 employees to stay at home while it works on a controlled restart of its global operations.
JLR cyber attack timeline
On 02 September, JLR confirmed that it was the victim of what it described as a “cyber incident” that occurred on 31 August. In order to mitigate the infiltration, the firm’s IT team immediately proceeded to shut down its array of online systems, and thus the various production lines that rely on this type of technology came to a halt.
From the day following the attack, JLR asked its factory employees to remain at home. Since then, production across the firm’s sites in Halewood, Solihull, Wolverhampton and abroad have remained at a standstill while the company works with “third‑party cybersecurity specialists and alongside law enforcement” in order to get things back online safely.
The brand begun an in-depth investigation into the incident, with a spokesperson saying on 10 September: “Since we became aware of the cyber incident, we have been working around the clock, alongside third party cybersecurity specialists, to restart our global applications in a controlled and safe manner”.
“As a result of our ongoing investigation, we now believe that some data has been affected and we are informing the relevant regulators. Our forensic investigation continues at pace and we will contact anyone as appropriate if we find that their data has been impacted.”
What data this is, has yet to be confirmed.
Senior manager of security operations at cybersecurity firm Huntress, Dray Agha, said the incident “highlights the critical vulnerability of modern manufacturing, where a single IT system attack can halt a multi-billion-pound physical production line”.
If you’re considering one of JLR’s finest, our Buy a Car service has plenty of great Land Rover deals available, we also have a wide selection of used Land Rover models.
DVLA help
In the meantime, a deal struck by JLR and the DVLA has enabled dealers to register new cars without the firm’s systems being online, although the number of new models flowing into showrooms may soon dry up as factory doors remain closed.
Whether or not JLR parts with cash in order to appease the hackers, this whole incident will inevitably result in huge losses for the British giant, which has already seen a dip in quarterly sales for the first part of 2025 – something that’s been attributed to President Donald Trump’s unprecedented foreign tariffs.
With JLR usually producing as many as 1,000 vehicles per day and this coming at a crucial time of year for the UK car market during the September nameplate change, those within the firm will be wanting to get the matter resolved and systems back online as soon as possible.
Warning other manufacturers which may become victims of such attacks in the future, Agha said that designing systems to continue core functions even during an attack can help reduce the financial and operational impact.
Furthermore, Agha says brands “must implement and rigorously test 'segmentation'. [This] means creating digital firewalls between critical production networks and other business IT systems.” Doing so “contains an attack and prevents a single point of failure from bringing the entire operation to a standstill.”
Our dealer network has 1,000s of great value new cars in stock and available now right across the UK. Find your new car…
Find a car with the experts
