Jaguar Land Rover, the UK’s largest automaker, said some of its digital services have been reactivated following a cyber-attack that has led to a shutdown of the company’s production facilities since 1 September.
JLR said that as part of a phased restart of its operations, it informed colleagues, suppliers and retail partners as of Thursday that “sections” of its digital estate are now operational.
“The foundational work of our recovery programme is firmly underway,” the company said.
Supply chain risk
The attack has focused attention on the situation of JLR’s supply chain network that employs about 200,000 people in the UK, some of which have been laid off with reduced or no pay and told to apply for universal credit, according to union Unite.
Unions had called for a furlough scheme similar to Covid-era subsidy programmes to support supply chain workers, but government officials indicated this was not an option.
Industry minister Chris McDonald said the partial restart would help to support cash flow to suppliers, and said the government would continue to back JLR in resolving the incident.
Ministers had proposed plans including a scheme under which the government would temporarily purchase components from JLR’s supply chain, and then sell the components to JLR once production resumed.
But business secretary Peter Kyle emphasised that JLR, which is owned by Tata Motors, should provide the financial backing to support its own supply chain.
In addition to helping clear the backlog of payments to suppliers, the partial restart also allows JLR to register wholesale vehicles, after being forced to do so manually since the beginning of the month.
The company has said production will remain at a halt until at least the beginning of October.
Costly attacks
The attack was one of several large-scale cyber-incidents that have affected large British companies this year, including Marks & Spencer, Harrods and the Co-op.
All have been claimed by a nebulous English-speaking group calling itself Scattered Lapsus$ Hunters that typically uses social-engineering methods to impersonate a firm’s employees, often via a helpdesk, in incidents dating back to the disruption of Las Vegas casinos in 2023.
Marks & Spencer’s outsourced helpdesk, Tata Consultancy Services, or TCS, is understood to have been a means of entry in the company’s prolonged outage, although TCS said its own systems were not penetrated in that attack.
The Co-op, which said this week it took a revenue hit of more than £206 million as a result of the attack on it earlier this year, and JLR also outsource helpdesk services to TCS.
Airports across Europe have been disrupted this week as a result of a ransomware attack on another third-party supplier.
The attack on 19 September affected automated check-in and baggage-handling software called vMUSE, provided by Collins Aerospace, a subsidiary of Virginia-based RTX, formerly known as Raytheon. Collins is still in the process of rebuilding its systems.
