JLR to CNBC-TV18 on cyberattack: After global production halt, company begins recovery process

Following a major cyberattack estimated at around $2.44 billion, Jaguar Land Rover (JLR) restarted its recovery process on September 25, a company spokesperson told CNBC-TV18. Its digital systems were gradually coming back online and JLR was restoring key parts of its digital infrastructure following the major hack that forced the carmaker to halt global production and raised concerns over a potential financial fallout.

The cyberattack, reportedly carried out by a hacking group of teenagers who calling themselves "Scattered Lapsus$ Hunters," disrupted the company’s IT systems earlier this month, resulting in widespread production delays, halt in sales processing, and stalled logistics. JLR did not confirm the identity of the attackers, but major news outlet said that the group had posted screenshots on Telegram claiming access to internal company networks.

Amid the recovery efforts, a JLR spokesperson confirmed that core systems are gradually coming back online, enabling the company to resume some operational functions. "As part of the controlled, phased restart of our operations, today we have informed colleagues, suppliers and retail partners that sections of our digital estate are now up and running. The foundational work of our recovery programme is firmly underway,” the company said in a statement.

Also read | JLR cyber breach highlights need for adequate insurance: What businesses should know

The company added that there was significant progress in increasing IT processing capacity for invoicing and supplier payments.

"We are now working to clear the backlog of payments to our suppliers as quickly as we can. Our Global Parts Logistics Centre, which supplies the parts distribution centres for our retailer partners in the UK and around the world, is now returning to full operations. This will enable our retail partners to continue to service our clients’ vehicles and keep our customers mobile," the spokesperson said.

The company also confirmed that the financial system used to process vehicle wholesale transactions was restored, helping to resume sales and registrations. "We are able to sell and register vehicles for clients faster, delivering important cash flow," the spokesperson added.

Also read | Tata Motors JLR CEO says in 'good position' to raise funds but does not share resumption timeline

“These are important initial steps as our dedicated teams work around the clock alongside cybersecurity specialists, the UK Government’s NCSC and law enforcement to ensure we restart in a safe and secure manner. Our focus remains on supporting our customers, suppliers, colleagues and our retailers. We fully recognise this is a difficult time for all connected with JLR and we thank everyone for their continued support and patience,” the statement read.

The attack, which has reportedly led to losses of $61 million per week, has raised questions about JLR's preparedness and cyber risk management. Responding to a query from CNBC-TV18 about cyber insurance, the company stated: “We do not comment on commercial matters such as these.”

Regarding the broader financial implications of the breach, JLR said: "We will update on the impact of the cyber incident in due course as part of our financial reporting.”