By ROB HULL, MOTORING EDITOR
The crippling impact of last week's cyber attack on Jaguar Land Rover could disable the car maker's operations 'for weeks' with its UK workforce still waiting to hear when they can return to vehicle production factories.
The fallout from the cyber breach has been described as the British vehicle manufacturer's 'worst crisis since the pandemic', with the attack immobilising its entire business network.
Staff at its UK vehicle plants in Halewood, Merseyside and Solihull in the West Midlands - and its engine manufacturing centre in Wolverhampton - were last week told not to return until tomorrow at the very earliest, though insiders reveal assembly lines are likely to stand idle this week too.
The 'cyber incident' has also brought production at its Slovakia, Brazil and India manufacturing sites to a near-standstill after the company was forced to close down its entire IT network, rendering its computer systems useless.
While it continues to attempt to reboot and reinstate its online applications, dealers are facing huge difficulties registering new models during one of the calendar's busiest months for car sales, online catalogues of spare parts cannot be accessed, and diagnostic equipment used to identify reliability issues are not working.
According to The Times, this will likely go on for weeks as all hope of a quick resolution is rapidly diminishing.
It comes after Jaguar Land Rover told the Daily Mail on Saturday that it is 'working around the clock' to restore its IT systems - and that it has drafted in third-party cybersecurity specialists and law enforcement to understand the full consequences of the breach.
The car maker continues to communicate that there is 'no evidence any customer data has been stolen' but acknowledged that its 'retail and production activities have been severely disrupted' as a result.
The crippling impact of last week's cyber attack could disable Jaguar Land Rover's operations 'for weeks', according to latest reports
Its UK on Monday will be provided an update on when they can expect to return to vehicle production factories, having been sent home a week ago in response to the breach and online shutdown
The Times is reporting that JLR bosses behind closed doors have conceded that it will take 'a matter of weeks rather than days' to bring its systems back online.
But the 'long tail' ramifications could affect the business for even longer, with suppliers already raising concerns about the impact of its near operation-wide shutdown.
Local companies providing parts of JLR vehicles have already temporarily laid off workforces in response, the Times claims.
Coventry-based Evtec, which provides lightweight aluminium parts and WHS Plastics in Sutton Coldfield have said they have been impacted.
Shaun Adams, managing director of parts supplier Qualplast, last week said the pause to assembly lines could have a knock-on effect for his company.
It provides products to JLR - and other major car makers including Aston Martin, Honda and Toyota - using a process called flock coating; this involves applying tiny fibres to surfaces to give them a soft, velvety texture. It is used for panels inside vehicle cabins, such as glove boxes, armrests and door pockets.
'It's worrying, we have had to move into panic and recovery mode, although we're used to short shutdowns, but if this continues, it would be concerning,' he told the BBC.
Describing JLR as a 'significant client, he added: 'We have other work that we can move people onto in the short term, but if this starts progressing over weeks, then we would have to seriously look at what we need to future-proof.'
As such, the government could be forced to step in with financial support to cushion the impact on JLR’s suppliers.
In its latest statement issued to the Daily Mail, the vehicle manufacturer says it is working tirelessly to restore its applications in a 'controlled and safe manner' following the breach on Sunday 31 August - and confirmed it is now working alongside third-party cybersecurity specialists and law enforcement to hone in on those responsible for the attack.
The car firm said: 'We want to thank all our customers, partners, suppliers and colleagues for their patience and support.
'We are very sorry for the disruption this incident has caused. Our retail partners remain open and we will continue to provide further updates.'
A notice sent to Halewood workers at the Merseyside plant (pictured) on Thursday stated: 'Friday September 5 and Monday September 8: the leadership team has agreed that production associates will be stood down and will have hours banked in line with the corridor agreement'
Workers at the Solihull factory in the West Midlands (pictured) were also informed that they could not return until Tuesday 9 September at the earliest. Though insiders today said assembly lines will likely remain idle this week
Manufacturing at JLR's engine plant in Wolverhampton has also been put on hold while JLR attempts to restart its online systems safely following last Sunday's cyber breach
Workers should today receive an update on when they can return to factories.
After being sent home from assembly lines last Monday, a notice sent to Halewood workers three days later stated: 'Friday September 5 and Monday September 8: the leadership team has agreed that production associates will be stood down and will have hours banked in line with the corridor agreement.
'All colleagues are required to attend work as normal on Tuesday September 9 unless informed otherwise.'
However, the expectation is that tomorrow will come too soon for staff to return with 'delays likely to continue', an insider told us.
In the meantime, they will continue to be paid as usual and 'bank' their hours to be picked up later on.
The Times is reporting that JLR bosses behind closed doors have conceded that it will take 'a matter of weeks rather than days' to bring its systems back online
All factory workers will continue to be paid as usual and 'bank' their hours to be picked up later on, JLR has said
David Bailey, professor of business economics at Birmingham University, warns the impact of last Sunday's attack should not be underestimated, saying it could cost JLR a 'catastrophic' £5million a day.
Worse still for JLR, customers unable to buy cars for up to weeks could likely go elsewhere for new models.
JLR dealers - who have been locked out of online applications since the company shut down its IT systems to halt the cyber attack and protect it from malware, breaches of valuable documents, and theft of customer details - remain open this week.
Reports suggest retailers have been able to register some new models, though via a more arduous process of calling the DVLA each time a vehicle is put on the road.
It comes at a salient period of the calendar year, with the new '75' plate launched this month, which typically attracts more showroom visits and model sales than at any time of the year.
One major JLR dealer has said the business has yet to 'give us a timeline' on when systems will be back online, though the manufacturer is providing updates every few hours.
Thousands of existing customers also now face delays getting their vehicles fixed as a result of the business-wide system shutdown.
JLR told the Daily Mail on Friday: 'Retailers are continuing to carry out repair work using locally held stock and we are supporting our retailers with access to our diagnostic systems to allow the, to continue work on client vehicles while are systems are not accessible.
'Our roadside assistance service is operating with our dedicated fleet of branded vehicles, actively supporting clients in need - whether they've experienced a breakdown or require roadside assistance.'
David Bailey, professor of business economics at Birmingham University, warns the impact of the cyber attack should not be underestimated, saying it could cost JLR a 'catastrophic' £5million a day
The car maker, which has its headquarters in Coventry, employs 32,800 people in the UK
JLR dealers remain open this week. Some were able to register new 75-plate cars last week, it was reported
On Wednesday, the hacker group also responsible for the highly damaging attack on Marks and Spencer earlier in the year, confirmed it was behind the breach of JLR's systems.
The group of young English-speaking hackers – who are thought to be teens calling themselves 'Scattered Lapsus$ Hunters' – told the BBC how they allegedly accessed the car maker.
However, they are yet to confirm if they have successfully stolen private data from JLR or installed malicious software onto the company's network.
The hacking group posted two images this week showing apparent internal instructions for troubleshooting a car charging issue and internal computer logs.
Security experts say these images suggest the group had access to information they should not have.
The This is Money Motoring Club is designed to make car ownership cheaper and simpler for This is Money and MailOnline readers.
Powered by MotorEasy it's the place to keep on top of tax, MOTs and servicing - and manage important documents and receipts that keep your car’s value.
You can also save money on maintenance and repairs.
All new members will receive a one-off gift of £20 in reward vouchers to spend.
You can use this for a raft of motoring discounts, including getting £20 off an MOT with one of MotorEasy's listed providers.
> Find out more about the This is Money Motoring Club
JLR, which is owned by India's Tata Motors, shut down its systems late Sunday night when it first identified the breach in what experts describe as a 'textbook move' to limit potential damage from cyber attacks.
However, as of today, the systems are still yet to come back online.
JLR's ability to react so quickly to the breach is partly thanks to its IT service provider also being a subsidiary of its parent group.
TCS - Tata Consultancy Services - is responsible for the car maker's IT and cybersecurity systems, having extended its partnership in 2023 to 'accelerate digital transformation across its business'.
Commenting on the cyber incident, Dray Agha, senior manager of security operations at security specialist Huntress, told the Daily Mail: 'This incident highlights the critical vulnerability of modern manufacturing, where a single IT system attack can halt a multi-billion-pound physical production line, directly impacting sales, especially during a key period like a new registration month.
'Cybercriminals know this, and many leverage the stopped clock of business functions as the leverage they need to force capitulation of ransomware demands.'
Agha added that restarting these systems is a 'complex' operation.
'While the quick shutdown of systems was a textbook damage limitation tactic that likely prevented a data breach, it underscores the immense recovery challenge companies now face in safely rebooting complex, interconnected operations after an attack.
'Containment and recovery are crucial parts of responding to an incident, and many organisations still do not have the detection and response technologies to neutralise security intrusions.'