bbc.com 12.09 Theo LeggettBusiness correspondent

The past two weeks have been dreadful for Jaguar Land Rover (JLR), and the crisis at the car maker shows no sign of coming to an end.

A cyber attack, which first came to light on 1 September, forced the manufacturer to shut down its computer systems and close production lines worldwide.

Its factories in Solihull, Halewood, and Wolverhampton are expected to remain idle until at least Wednesday, as the company continues to assess the damage.

JLR is thought to have lost at least £50m so far as a result of the stoppage. But experts say the most serious damage is being done to its network of suppliers, many of whom are small and medium sized businesses.

The government is now facing calls for a furlough scheme to be set up, to prevent widespread job losses.

David Bailey, professor of business economics at Birmingham Business School, told the BBC: "There's anywhere up to a quarter of a million people in the supply chain for Jaguar Land Rover.

"So if there's a knock-on effect from this closure, we could see companies going under and jobs being lost".

Under normal circumstances, JLR would expect to build more than 1,000 vehicles a day, many of them at its UK plants in Solihull and Halewood. Engines are assembled at its Wolverhampton site. The company also has large car factories in China and Slovakia, as well as a smaller facility in India.

JLR said it closed down its IT networks deliberately in order to protect them from damage. However, because its production and parts supply systems are heavily automated, this meant cars simply could not be built.

Sales were also heavily disrupted, though workarounds have since been put in place to allow dealerships to operate.

Initially, the carmaker seemed relatively confident the issue could be resolved quickly.

Nearly two weeks on, it has become abundantly clear that restarting its computer systems has been a far from simple process. It has already admitted that some data may have been seen or stolen, and it has been working with the National Cyber Security Centre to investigate the incident.

Experts say the cost to JLR itself is likely to be between £5m and £10m per day, meaning it has already lost between £50m and £100m. However, the company made a pre-tax profit of £2.5bn in the year to the end of March, which implies it has the financial muscle to weather a crisis that lasts weeks rather than months.

'Some suppliers will go bust'
JLR sits at the top of a pyramid of suppliers, many of whom are highly dependent on the carmaker because it is their main customer.

They include a large number of small and medium-sized firms, which do not have the resources to cope with an extended interruption to their business.

"Some of them will go bust. I would not be at all surprised to see bankruptcies," says Andy Palmer, a one-time senior executive at Nissan and former boss of Aston Martin.

He believes suppliers will have begun cutting their headcount dramatically in order to keep costs down.

Mr Palmer says: "You hold back in the first week or so of a shutdown. You bear those losses.

"But then, you go into the second week, more information becomes available – then you cut hard. So layoffs are either already happening, or are being planned."

A boss at one smaller JLR supplier, who preferred not to be named, confirmed his firm had already laid off 40 people, nearly half of its workforce.

Meanwhile, other companies are continuing to tell their employees to remain at home with the hours they are not working to be "banked", to be offset against holidays or overtime at a later date.

There seems little expectation of a swift return to work.

One employee at a major supplier based in the West Midlands told the BBC they were not expecting to be back on the shop floor until 29 September. Hundreds of staff, they say, had been told to remain at home.

When automotive firms cut back, temporary workers brought in to cover busy periods are usually the first to go.

There is generally a reluctance to get rid of permanent staff, as they often have skills that are difficult to replace. But if cashflow dries up, they may have little choice.

Labour MP Liam Byrne, who chairs the Commons Business and Trade Committee, says this means government help is needed.

"What began in some online systems is now rippling through the supply chain, threatening a cashflow crunch that could turn a short-term shock into long-term harm", he says.

"We cannot afford to see a cornerstone of our advanced manufacturing base weakened by events beyond its control".

The trade union Unite has called for a furlough system to be set up to help automotive suppliers. This would involve the government subsidising workers' pay packets while they are unable to do their jobs, taking the burden off their employers.

"Thousands of these workers in JLR's supply chain now find their jobs are under an immediate threat because of the cyber attack," says Unite general secretary, Sharon Graham.

"Ministers need to act fast and introduce a furlough scheme to ensure that vital jobs and skills are not lost while JLR and its supply chain get back on track."

Business and Trade Minister Chris Bryant said: "We recognise the significant impact this incident has had on JLR and their suppliers, and I know this is a worrying time for those affected.

"I met with the chief executive of JLR yesterday to discuss the impact of the incident. We are also in daily contact with the company and our cyber experts about resolving this issue."

bbc.com Chris VallanceSenior Technology Reporter andTheo Leggett International Business Correspondent 3.09.2025

Staff were sent home and the company shut down its IT systems in an effort to minimise the damage done.

A cyber-attack has "severely disrupted" Jaguar Land Rover (JLR) vehicle production, including at its two main UK plants.

The company, which is owned by India's Tata Motors, said it took immediate action to lessen the impact of the hack and is working quickly to restart operations.

JLR's retail business has also been badly hit at a traditionally a popular time for consumers to take delivery of a new vehicle - but there is no evidence any customer data had been stolen, it said.

The attack began on Sunday as the latest batch of new registration plates became available on Monday, 1 September.

The BBC understands that the attack was detected while in progress, and the company shut down its IT systems in an effort to minimise any damage.

Workers at the company's Halewood plant in Merseyside were told by email early on Monday morning not to come into work while others were sent home, as first reported by the Liverpool Echo.

The BBC understands the attack has also hit JLR's other main UK manufacturing plant at Solihull, with staff there also sent home.

The company said: "We took immediate action to mitigate its impact by proactively shutting down our systems. We are now working at pace to restart our global applications in a controlled manner."

It added: "At this stage there is no evidence any customer data has been stolen but our retail and production activities have been severely disrupted."

It is not yet known who is responsible for the hack, but it follows crippling attacks on prominent UK retail businesses including Marks & Spencer and the Co-op.

In both cases, the hackers sought to extort money.

While JLR's statement makes no mention of a cyber-attack, a separate filing by parent company Tata Motors to the Bombay Stock Exchange referred to an "IT security incidence" causing "global" issues.

The National Crime Agency said: "We are aware of an incident impacting Jaguar Land Rover and are working with partners to better understand its impact."

In 2023, as part of an effort to "accelerate digital transformation across its business", JLR signed a five-year, £800m deal with corporate stablemate Tata Consultancy Services to provide cybersecurity and a range of other IT services.

The halt in production is a fresh blow to the firm which recently revealed a slump in profits attributed to increasing in costs caused by US tariffs.

BBC - Transport company KNP forced to shut down after international hacker gangs target thousands of UK businesses.
One password is believed to have been all it took for a ransomware gang to destroy a 158-year-old company and put 700 people out of work.

KNP - a Northamptonshire transport company - is just one of tens of thousands of UK businesses that have been hit by such attacks.

Big names such as M&S, Co-op and Harrods have all been attacked in recent months. The chief executive of Co-op confirmed last week that all 6.5 million of its members had had their data stolen.

In KNP's case, it's thought the hackers managed to gain entry to the computer system by guessing an employee's password, after which they encrypted the company's data and locked its internal systems.

KNP director Paul Abbott says he hasn't told the employee that their compromised password most likely led to the destruction of the company.

"Would you want to know if it was you?" he asks.

"We need organisations to take steps to secure their systems, to secure their businesses," says Richard Horne CEO of the National Cyber Security Centre (NCSC) - where Panorama has been given exclusive access to the team battling international ransomware gangs.

One small mistake
In 2023, KNP was running 500 lorries – most under the brand name Knights of Old.

The company said its IT complied with industry standards and it had taken out insurance against cyber-attack.

But a gang of hackers, known as Akira, got into the system leaving staff unable to access any of the data needed to run the business. The only way to get the data back, said the hackers, was to pay