Firm continues recovery from cyber attack with a “controlled, phased” return to car production
JLR is preparing to build its first cars in more than a month later this week, as it works to recover from a significant cyber attack that brought all its factories to a halt.
The hack incapacitated the Land Rover maker, forcing it to shut down its internal computer systems in an effort to protect data from being stolen. This resulted in production shutdowns at all of its global plants, created issues with parts ordering and stifled retailers.
The company says “some sections of our manufacturing operations will resume in the coming days”, having not produced any vehicles since the attackers hit on 1 September.
It has not given any further details about which factories will restart first, nor what its target volumes will initially be, but said production will restart in a “controlled, phased” manner, suggesting volumes will initially be restricted.
The company earlier said it planned to restart production from 1 October at the earliest.
In a statement sent to Autocar today (29 September), a JLR spokesperson said: “We continue to work around the clock alongside cybersecurity specialists, the UK Government’s NCSC [National Cyber Security Centre] and law enforcement to ensure our restart is done in a safe and secure manner.
“We would like to thank everyone connected with JLR for their continued patience, understanding and support.
“We know there is much more to do but the foundational work of our recovery is firmly underway, and we will continue to provide updates as we progress.”
Even if JLR is able to start resuming production on 1 October, getting all its engine and car lines up and running could take months. The firm will have lost at least a full month of vehicle production.
The impact on volumes will be made clear when the company releases its production numbers for the quarter, but in the three months to the end of September last year, it produced more than 80,000 cars.
The effect could be costing JLR up to £5 million a day, business economics professor David Bailey has told Autocar.
The restart comes after the UK government said it will guarantee a £1.5 billion loan to JLR, to help it support suppliers who have been hit by the production shutdown.
The loan to the Tata-owned car firm will be issued by a commercial bank, but will be underwritten by the UK government.
As well as costing JLR an estimated £50 million a week, the cyber attack has badly hit the firm’s suppliers. It is estimated that around 150,000 people are employed by some 700 British firms that supply JLR, and the UK government has been investigating ways to support them, such as a furlough scheme or loans to suppliers.
It will instead underwrite a single loan to JLR through the Export Development Guarantee (EDG), with JLR repaying the money over a period of five years.
Business Secretary Peter Kyle said on Saturday (27 September) that the loan guarantee “will help support the supply chain and protect skilled jobs in the West Midlands, Merseyside and throughout the UK.”
Chancellor Rachel Reeves added that the loan would help JLR “support their supply chain and protect a vital part of the British car industry.”
Last week, JLR was able to restore some of its IT systems following the back, and was able to start paying some of its suppliers.
On Thursday 25 September JLR confirmed that “sections of our digital estate are now up and running”, including its payment systems – and the company is “now working to clear the backlog of payments to our suppliers as quickly as we can”.
JLR’s Global Parts Logistics Centre, which supplies the parts distribution centres for retailers globally, was also described as “returning to full operations”, meaning servicing and repairs can once again take place.
JLR is now also able to digitally sell and register new vehicles (it was previously doing the latter via telephone to the DVLA), as its financial system has been brought back online.er.”
Worry for employees
Since the cyber attack, the majority of JLR’s employees have been off work, with lost hours being banked.
Union Unite said last week that employees within the supply chain are being told to apply for Universal Credit as they are moved onto reduced or zero-hours contracts by employers battling to stay afloat.
Earlier reports suggested that some suppliers “will go bust” as a result of the ongoing issues at JLR.
Unite general secretary Sharon Graham said the union has written to the UK government demanding it set up a furlough scheme to take the pressure off suppliers by supplementing workers’ pay packets while they’re unable to do their jobs.
“Workers in the JLR supply chain must not be made to pay the price for the cyber attack,” said Graham. “It is the government’s responsibility to protect jobs and industries that are a vital part of the economy.”
Graham cited a similar scheme set up on 15 September by the Scottish government to support bus maker Alexander Dennis and said “a similar scheme for workers in the JLR supply chain [should be set up] now”.
JLR hack: what happened?
Autocar first reported issues affecting JLR on 1 September, when dealers couldn’t register new cars on ‘new plate day’ , traditionally one of the year’s busiest for registrations.
In an effort to combat the hack, JLR began “shutting down” its systems on 2 September, and has not produced any cars globally since, leading to millions of pounds of lost income.
The extent of the issues meant JLR brought police and cybersecurity experts in to “restart our global applications in a controlled and safe manner”.
During this process, which included an investigation, it was discovered that “some data” was “affected”, said JLR. Those affected will be contacted, said the firm.
It’s not officially known what data was taken or if a ransom demand has been made, but it is thought it most likely involves customer data given the involvement of the police.
Who has claimed responsibility for JLR hack?
On 3 September, a group of hackers calling themselves Scattered Lapsus$ Hunters claimed responsibility for the attack on JLR.
This is the same group that hacked Marks & Spencer in May, causing the British retailer seven weeks of disruption and costing £300 million in lost operating profit.
It claimed to have obtained customer data after exploiting a similar flaw in JLR’s IT system. The claim was made on a Telegram messenger group, where a user linked to the hackers posted a screenshot of what appeared to show JLR’s internal system.
A member of the group revealled that a well-known flaw in SAP Netweaver, third-party software used by JLR, was exploited to access the data.
The US’s Cybersecurity and Infrastructure Security Agency warned about the flaw earlier this year. An update for the software was released, but whether JLR applied it is unknown.
It’s also not known what data was taken or if a ransom demand has been made of JLR.
