JLR says some systems back online as hack costs loom for Tata Motors
The company has been unable to produce and dispatch cars to its dealers since 31 August after the hack hit its digital systems. The disruption comes just five months after the company had to halt exports to the US, its biggest market, for a month due to the uncertainty over US tariffs.
Tata Motors Ltd is facing a big revenue hit from a cyberattack at its UK-based subsidiary Jaguar Land Rover (JLR) that halted production in a second disruption this fiscal, even as the group on Thursday managed to put some systems back online.
“Industry studies estimate that every hour of downtime in an automotive plant can cost between $1.5-2 million in lost output," said Harshvardhan Sharma, group head for auto tech and innovation at Nomura Research Institute Consulting & Solutions India.
The hack is expected to cause a revenue loss of up to £2 billion as JLR did not have insurance against the cyberattack, the Financial Times reported. When layered on top of tariff pressures and margin volatility, even a short disruption can distort quarterly performance and slow vehicle availability in export markets.
Since 31 August, the company has been unable to produce and dispatch cars to its dealers. The disruption comes just five months after the company had to halt exports to the US, its biggest market, for a month due to the uncertainty over US tariffs, which prompted JLR to guide for a decline in full-year revenue and profitability.
“We have informed colleagues, suppliers and retail partners that sections of our digital estate are now up and running. The foundational work of our recovery programme is firmly underway," JLR said in a press statement on Thursday night. The parts division is resuming full operations, which will help in supplying parts to retail partners, it said.
“The financial system we use to process the wholesales of vehicles has been brought back online and we are able to sell and register vehicles for our clients faster, delivering important cash flow," the statement said. It added that the company is working to resolve the backlog of payments to suppliers.
However, the statement did not say anything about production.
The twin troubles are expected to strain the balance sheet of its Indian parent, Tata Motors, as JLR contributed 71% of its ₹4.40 trillion revenue and 79% of its ₹55,216 crore operating profit in 2024-25. Since the current disruption at JLR started on 1 September, Tata Motors’ shares have fallen 3.7% against a 4.2% rise in the Nifty Auto index.
The cyberattack had left the Tata Group brass scrambling for a fix, with chairperson N. Chandrasekaran asking for weekly updates on the situation, an executive directly aware of the matter said. Tata Consultancy Services Ltd (TCS), the conglomerate’s flagship information technology (IT) company, is working with JLR to contain the hack.
“At least 50 TCS executives have been involved in finding a solution to the problem, which could be at least two to three weeks away. Chief executive officer (CEO) K. Krithivasan is also regularly taking updates from his team," the executive quoted earlier said. In 2023, TCS and JLR signed a $1 billion deal under which the IT firm would develop and manage the digital infrastructure of JLR, including cybersecurity.
The company also engaged the UK National Cyber Security Centre, among others, in countering the cyber attackers.
Mint’s emailed queries to Tata Motors, JLR and TCS did not elicit a response until press time.
How the attack unfolded
The hack first came to light on 1 September as JLR’s dealers faced challenges in registering new sales in the company’s internal system. At its plants in the UK and abroad, the digital systems stopped working.
JLR first confirmed the cyberattack in a statement on 2 September: “JLR has been impacted by a cyber incident. We took immediate action to mitigate its impact by proactively shutting down our systems. We are now working at pace to restart our global applications in a controlled manner."
The hack has disrupted production at its three manufacturing facilities in the UK—Solihull, Halewood and Wolverhampton—and the ones in Pune, India, and Nitra, Slovakia.
The company has continued to defer production.
The cyberattack was carried out by Scattered Lapsus$ Hunters—a cybercrime group including Scattered Spider and Lapsus$—and ShinyHunters. They penetrated JLR’s software through a UK-based vendor whose system was linked to the car company.
The hackers altered the company’s user interfaces, a second person with knowledge of the matter said. “The PowerShell commands they had were all interlinked in such a way that it was very devastating."
PowerShell is an automation and management tool developed by Microsoft to operate software by using single-line commands.
Once inside the JLR systems, the attackers also stole data and made internal changes, two other executives said. Mint could not ascertain how much data was stolen.
This cyberattack disrupted the operations at JLR’s factories, dealers and supply chain partners.
The company is unable to take online orders in many of its facilities, and its IT infrastructure is still down. Dealers could also not register and service vehicles or access parts for repairs. The company’s statement on Thursday said these were online again.
TCS’s cyber defence teams had to shut down large parts of the carmaker’s IT infrastructure to prevent the attack from spreading.
“This was one of the longest and most devastating cyberattacks that TCS faced. This also caused reputational harm to the company," said the second executive on condition of anonymity.
Many of TCS’s existing clients in the UK, including Marks & Spencer and Co-op, have also faced similar cyberattacks in the last 12 months.
Caught in two storms
JLR has already lowered its guidance for the financial year 2026 to 5-7% from the earlier predicted 10% after the US imposed tariffs on exports from the UK.
“The tariff impact will be primarily on Jaguar Land Rover. Tariff has gone up from 2.5% to 27.5%, and under the UK-US FTA, the tariff is 10%," Tata Group chair Chandrasekaran said during the annual general meeting of Tata Motors on 20 June. “The overall impact would have been £1.6 billion. But due to the steps taken by JLR, the impact has gone down to £600 million, which is visible in the margin guidance."
Citing tariffs, the company had already predicted that it would end the current financial year with nearly zero free cash flow. Moreover, JLR is also under a leadership transition phase, with Tata Motors chief financial officer P.B. Balaji soon to take over as the next chief executive from November.
Mumbai-based Tata Motors will see an outsized impact on its books due to the disruption at its global unit, according to Sharma of Nomura Research Institute. “Global automakers typically see 25-30% of their Ebitda exposure linked to their premium or export-oriented units, meaning that a disruption abroad can materially affect consolidated results, even if domestic operations remain stable."
That was reflected in the June quarter when the production halt after the US tariffs hit the company’s earnings. Tata Motors’ consolidated profit fell about 63% from a year earlier, while its consolidated revenue declined 2.5% to ₹104,407 crore.
“The company’s performance in this quarter was impacted by volume declines and a drop in profitability primarily at JLR, affected by the US trade tariff impact," Balaji said on 8 August.
After Tata Motors’ investor day in June, analysts already had a weak outlook for its UK-based luxury arm.
Analysts at Motilal Oswal Financial Services wrote in a 10 June note: “JLR is facing multiple headwinds, which include tariff-led uncertainty for exports to the US, demand weakness in key regions like Europe and China, and rising VME (variable marketing expenses), warranty and emission costs."
topics
