Jaguar Land Rover reported a £310 million pre-tax loss for the three months ending December 31, the latest financial casualty from a cyber attack that shut down production five months ago and still hasn't stopped costing the company money.
The UK's largest automaker booked another £64 million in costs related to the September 2025 breach during its third fiscal quarter, according to reporting by ITV News and Yahoo Finance. That brings total losses from the attack above £500 million across two quarters, with revenue down 39 percent year over year to £4.5 billion.
One year earlier, the same quarter posted a £523 million profit.
The breach began August 31, 2025, when IT managers at JLR's Halewood plant noticed abnormal system behavior. By September 1, security teams detected network intrusion and made the decision to shut down production entirely across all UK facilities in Solihull, Wolverhampton, and Halewood, plus international plants in Slovakia, Brazil, and India.
The five-week halt crippled Britain's automotive sector. According to the Society of Motor Manufacturers and Traders, UK car production fell 27 percent in September to just over 51,000 vehicles, the worst September since 1952. JLR normally produces roughly 1,000 vehicles per day across its UK operations.
The timing made everything worse. September marked the start of the 2026 model year for Range Rover and coincided with the UK's new vehicle registration plate changeover, traditionally one of the industry's strongest sales periods. Wholesale units dropped 43.3 percent compared to the prior year, while retail sales fell 25.1 percent, per Cybersecurity Dive.
Production didn't return to normal levels until mid-November, according to CEO P.B. Balaji, who took over from former boss Adrian Mardell in November. "Q3 was a challenging quarter for JLR," Balaji said in a statement reported by GB News.
The Cyber Monitoring Centre, an independent nonprofit tracking high-impact cyber events, classified the attack as a Category 3 incident, denoting an external cyber threat with serious consequences. CMC chair Ciaran Martin called it "by some distance, the single most financially damaging cyber event" in UK history, with total economic impact estimated at £1.9 billion when supply chain disruption is factored in.
Approximately 5,000 organizations felt the ripple effects. Evtec Group, a Coventry-based equipment manufacturer, placed 900 employees on short-time working at 80 percent pay for the duration of the shutdown and estimated losses at £13 million, according to SOS Ransomware. Company chairman David Roberts said government emergency measures prevented widespread supplier bankruptcies.
The attack was reportedly a social engineering breach claimed by the same threat group linked to an April 2025 attack on Marks & Spencer, per Cybersecurity Dive. In January 2026, JLR notified current and former employees that their personal data had been compromised in the breach.
Beyond the cyber attack, JLR's losses stem from multiple fronts. The company is winding down production of legacy Jaguar models ahead of the brand's electric relaunch later this year. U.S. tariffs hammered exports, with North American wholesale sales plunging 64.4 percent. China market conditions deteriorated.
Balaji projects performance will improve significantly in the fourth quarter as production stabilizes and the new all-electric Jaguar GT approaches launch alongside the first Range Rover Electric. Whether those new models can reverse the financial bleeding remains uncertain.
For now, Britain's automotive flagship is still tallying costs from an attack that lasted five weeks but will likely take years to fully recover from. The production lines are running again. The balance sheet tells a different story.