Jaguar Land Rover (JLR) has started a gradual restart of its operations after a significant cyber-attack disrupted production across the automotive giant. The UK-based company, owned by Tata Motors, has been working to restore critical IT systems and resume normal business functions.

JLR has boosted its IT processing capabilities for invoicing, enabling the company to start addressing the backlog of payments owed to suppliers. Its financial systems, responsible for processing vehicle wholesale transactions, are also back online, allowing faster car sales and registration for customers.

The company’s Global Parts Logistics Centre, which supports parts distribution for retail partners both in the UK and internationally, has begun returning to full operational capacity.

“In line with our controlled, phased restart, we have informed colleagues, suppliers, and retail partners that key areas of our digital infrastructure are now active. The foundational steps of our recovery program are well underway,” JLR stated on September 25.

The resumption of operations comes as relief to JLR’s extensive supply chain, including third-party companies that provide just-in-time logistics and components, some of whose employees faced job losses during the shutdown.

Initially, JLR had extended its production pause until at least October 1 while planning the staged resumption of operations. The company is coordinating closely with the UK National Cyber Security Centre (NCSC) and law enforcement agencies to ensure a safe and secure return to production.

UK trade union Unite has urged the government to implement a furlough scheme to protect workers affected by the disruption. On September 23, Business Secretary Peter Kyle met with JLR executives and supply chain representatives to discuss measures to support the resumption of production.

The cyber-attack, disclosed on September 2, prompted JLR to proactively shut down its systems to mitigate damage. The attack has been claimed by a group calling itself “Scattered Lapsus$ Hunters”, hinting at a potential collaboration between Scattered Spider, ShinyHunters, and Lapsus$.

This incident highlights the ongoing risks that sophisticated cyber threats pose to global manufacturing operations, emphasizing the critical need for robust cybersecurity, observability, and incident response plans in complex supply chains.

Source: https://www.infosecurity-magazine.com/news/jlr-phased-restart-operations