Jaguar Land Rover Hack 'Has Cost 30,000 Cars and Threatens Supply Chain'

Jaguar Land Rover has halted production for nearly a month following a major cyberattack, costing an estimated 30,000 vehicles and billions in lost revenue. "The company said on Tuesday that production would be halted for another week until at least October 1, which increased concerns that a full return to production could be months away," reports The Times. From the report: David Bailey, professor of business economics at Birmingham University, said the JLR statement did not commit to reopening production on October 1 and even if it did "it's not going to be back to normal, but phased production start with some lines opening before others, as we saw after the Covid closure back in 2020." He said: "It's 24 days [shutdown] as of September 24. So that is roughly 1,000 cars a day, 24,000 cars not produced. So by then, that's about 1.7 billion pounds in lost revenue. By October 1, it will be a hit to revenue of something like 2.2 billion pounds. It's pretty massive. JLR can get through, but they're going to be burning through cash this month."

Bailey also raised concerns that smaller companies further down the supply chain lacked the cash reserves to withstand the shutdown. The company directly employs more than 30,000 people, and it is estimated that approximately 200,000 workers in the supply chain depend on work from JLR. "The union has said that in some cases, staff have been told to go and apply for universal credit. There are firms I know that have applied for bank loans to keep going. But even then, you know they're approaching the limit of what they do. There's an added knock-on effect that some of the suppliers also supply other car assemblers, Toyota or Mini. So some of those are concerned that bits of the supply chain may go under and affect them as well, because the industry is so connected. One way or another, the government's going to take a hit. Either through some sort of emergency support, whether that's furlough or emergency short-term loans or through unemployment benefit, if this carries on."

There has been uncertainty over the extent of the cyberattack and exactly how the company has been affected, as well as who is responsible for it. According to one source, some JLR staff were still unable last week to access the Slack messaging system through the company's "one sign on" system. The JLR statement added: "We have made this decision to give clarity for the coming week as we build the timeline for the phased restart of our operations and continue our investigation."

Re:Costs

[Askmum]

You still have to pay the workers (no, you can't send them on unpaid leave), pay electricity, there is the hidden cost of amortizations that continue without revenue.
To say that stopping production also stops spending shows a complete lack of understanding of even the basics of manufacturing.

Re:

[fluffernutter]

Then labor and real estate have cost them, not the lack of making cars.

Re:

[Askmum]

That's not what you said, you say "hasn't cost them anything". That's wrong. Not making cars still costs them money.
You are also misrepresenting the article. It says "costing 30.000 vehicles". That is a normal phrase for something you can't make even when it does not directly mean monetary value.

You are nitpicking something that needs not be nitpicked.

Re:

[fluffernutter]

Perhaps if these business leaders were aware that the fact that money flowed in the past does not mean it will flow in the future, then business plans would be more resilient to small interruptions like this.

Re: Costs

[Ogive17]

So their part suppliers who probably have a very small profit margin should charge more? Then they would likely lose the contract bid.

Being down for days is a very big struggle, bring down a whole month can wreck the supply chain.

Re:

[fluffernutter]

Why are they going into business at all if the profit margin is so small?

Re:

[Entrope]

Now your complaint is that capitalists are too efficient?

Low profit margins indicate the ability to run a business efficiently and without monopoly power to gouge customers.

Re:

[fluffernutter]

Operating on interest is not efficient.

Re:

[Entrope]

This has nothing to do with interest, you economic ignoramus.

Re:

[Pieroxy]

So, you know clearly nothing of value here but insist on spouting nonsense at every opportunity. You are either Donald Trump or a troll. Well, both are trolls, so now we know.

Re:

[fluffernutter]

Ok low profit is normal. But if you have b decided to go. Into low profit then you shouldn't complain about the consequences of that.

Re: Costs

[Ogive17]

I have a couple decades of experience in mass production supply chain. For something complex like an automobile, you could have 4 or 5 "tiers" of suppliers. Tier 1 suppliers are those who deliver directly to the production line, usually in sub assemblies. Tier 2s deliver to the Tier 1, and so on.

The lower in tier, often the more competitive the market can be because you're only supplying pretty basic components with no assembly. Increasing cost to increase profit margin could be the difference in winning a big contract or not. The companies bid on contracts that last maybe 3-5 years and are out in the future a couple of years. They operate on a very slim profit margin but are still making money.

You take that concept and add a bit more complexity for each tier it moves up until you get to the tier 1 where labor happens to be a big part of overall cost due to the sub assemblies they are putting together. If you're not producing anything, you're not selling anything. These companies are not sitting on a huge cash reserve.

Every slight change to the cost structure simply makes the end product more expensive, then you likely sell less vehicles.

Re:

[FictionPimp]

Things someone who has never worked at a startup says.

Re:

[fluffernutter]

I have never worked a start-up because I am not a gambler. I like a stable life. So that was on purpose. If I had decided to work for a start-up then I would have no leg to stand on.

Re:

[DarkOx]

This is what TBTF is all about. Big might be efficent but it is also brittle.

In a more ideal market place, supplies would have more clients, and each client would be a small enough part of their overall book of business, having one stop orders for a while would not put them out of business.

We used to have hundreds of small automakers, just in the US, now we probably don't have triple digits the world over.

Re: Costs

[kenh]

"Small interruption"? Really?

Jaguar Land Rover has halted production for nearly a month following a major cyberattack, costing an estimated 30,000 vehicles and billions in lost revenue.

A month of ZERO sales, where they previously sold 30,000 vehicles in the same period, is far from a "small interruption", especially when the average car sells for about (guessing) $50,000-75,000/each.

Re:

[Junta]

But the phrasing should be about losing money, not "losing" cars.

Re:Costs

[Askmum]

Do you honestly think they have those many billions in the bank? The rest of your post also show you have 0 idea of how a business works. And where does entitlement even come into play?

Re:

[Growlley]

finallt an honest right winger who practiced what he preached and watered the tree of the 2nd ammendment himself instead of expecting some one elses child to do it/ Why the guys almost a saint!

Re:

[Entrope]

Most companies are not like Apple. Companies who make components for cars deal primarily in physical goods being sold to businesses, and do not make huge profits by appropriating 30% (or whatever it is now) of every transaction in a digital market, or sell their own physical goods at high markup because they have public cachet. Apple has billions in the bank because they don't know what to spend all their profit on, and don't want to distribute it to shareholders or employees; manufacturing companies can

Re:

[drinkypoo]

Do you honestly think they have those many billions in the bank?

Jaguar says they have "a global cash balance of £4.2 billion [jlr.com] reflecting total cash and cash equivalents, deposits and investments" and corporations worldwide are hoarding cash [hec.edu].

It's unclear why you economics "experts" on Slashdot are ignoring the well known fact that corporations are actually sitting on trillions of dollars (or whatever currency units, ofc) at the moment, more than they have ever held previously, but ignorance isn't a good look.

Re: Costs

[kenh]

You left out their debt obligations:

Our total cash and cash equivalents, deposits and investments at 31 March 2024 were £4.2 billion1 (14.3 per cent of revenue), compared to £3.8 billion1 at 31 March 2023 (16.6 per cent of revenue). The balance at 31 March 2024 comprised cash and cash equivalents of £4.2 billion, of which £385 million was held in overseas subsidiaries, and deposits and other investments of £36 million. Including the £1.5 billion revolving credit facility (fully undrawn and committed until April 2026), total liquidity was £5.7 billion1 at 31 March 2024 versus £5.3 billion1 at the end of the prior year. The higher cash and liquidity is due to the strong cash flow. At 31 March 2024, gross debt was £4.9 billion and net debt (debt net of total cash and cash equivalents, deposits and investments) was £0.7 billion at 31 March 2024, £2.3 billion lower than the net debt position of £3.0 billion at the end of the prior year.

In March, 2024 they owed £4.9BN in debt and had various assets that totaled £4.2BN -
They are net £0.7 BN in debt...

Re:

[Junta]

While it may certainly reduce any sympathy, 'losing money' is still an apt term.

If I intercepted one of your paychecks, I think you'd fairly say that you 'lost money', despite having, presumably, some savings.

Now if you are a billionaire bemoaning losing a few thousand, I'm not going to be terribly moved by your plight, but I would still permit the phrase 'lost money'.

Re:

[fluffernutter]

But your paycheque is OWED to you for work that you have already done and also bound in labor laws. No one has a right to make money on cars. That wouldn't be capitalism.

Re:

[Kokuyo]

He didn't say stopping production stops spending.

He said not being able to produce doesn't cost the product. That phrasing may be applicable if we're talking about food in a famine. Then the lack of production becomes a cost to society. That is not what is happening here.

If you're gonna 'ackchually' people, especially with an ad hominem, you ought to take better care that you understood what was said.

Re:

[fluffernutter]

Yet every time I bring this up, people are all "but you have retirement funds". So yeah it is a cost to society by that definition.

Re:

[Growlley]

actually that's exactly what they have done!

Re:Costs [of lost opportunities to make sales]

[shanen]

Seems to me you are arguing with some sort of troll or idiot. The vacuous Subject may have been a hint? Actually sounds like a lot of the AC stuff, so maybe he usually posts as AC, seeking attention but recently noticed how ignorable AC is so he used a name this time?

However as regards your reply, I think you should also consider opportunity costs. Perhaps the main thing I learned in (computer and software) sales was that you can't sell merchandise you don't have. In the case of cars, there is some slack be

Re:

[mspohr]

TFA said the "cost 30,000 cars and billions in lost revenue"
Try reading the article again to understand economics.

Re:

[gweihir]

They have running costs, shipments of materials, orders that get cancelled, contractual penalties, etc. Business people get many things wrong, but this is not one of them.

Re:

[fluffernutter]

I have running costs too, that's why I have some savings.

Re:

[gweihir]

You are not an enterprise. You have personal flexibility an enterprise cannot even dream of.

Re:

[fluffernutter]

Examples?

Re:

[gweihir]

Are you serious?

Re:

[fluffernutter]

Yes. I have no idea how a company with billions of dollars has less flexibility than me. For example, I'm currently stuck living where I don't want to live because I can't afford to move where I want to live. So it's hard to see how an enterprise has less flexibility. It seems they make their offices wherever they want them to be.

Re:

[gweihir]

Enterprises have very long decision paths, massively branching implementation paths and a ton of people that do not want change. Changing things takes years or decades and is often impossible. You can just decide to move tomorrow, even if you have financial constraints.

Re:

[fluffernutter]

It's a weird comparison, because no I can't just pick up and go. My kids go to school here and I would be selfish and stupid to uproot them. I don't expect you to care about my kids, so you won't see that as an impediment either.

Re:

[TuballoyThunder]

How to say you don't know how business works without saying I don't know how business works. It is likely that you also believe that businesses should not make a profit.

Re:

[fluffernutter]

I guess only a short-sighted dick could really get it then.

Re: Costs

[TuballoyThunder]

Gosh, you know me so well. Ad hominem attacks are the refuge for people who know they have lost.

Re:

[VaccinesCauseAdults]

He is unwilling or unable to understand and differentiate various concepts such as revenue, profit, cashflow, creditor liabilities, parts, labour, and opportunity cost.

In his business, which is probably a lemonade stand on his parent’s lawn, a factory shutdown doesn’t cost anything and doesn’t affect revenue, P&L or balance sheet, because “cars that were never made haven’t cost anything”.

You're Embarrassing Yourself

[SlashbotAgent]

Business tycoon you ain't.

At least read the summary. Not building vehicles has a very real 2 billion GBP and counting cost.

Re:

[fluffernutter]

A cost means losing something you had coming to you.

Re:

[VaccinesCauseAdults]

Fluffernitter is unwilling or unable to understand and differentiate various concepts such as revenue, profit, cashflow, creditor liabilities, parts, labour, and opportunity cost. In his business, which is probably a lemonade stand on his parent’s lawn, a factory shutdown doesn’t cost anything and doesn’t affect revenue, P&L or balance sheet, because “cars that were never made haven’t cost anything”.

Re:

[kertaamo]

If cars are not made and sold then:
1) Workers still need paying (at least until you have to fire them all)
2) Factories need to be maintained.
3) The loans you made to build the factory and lines need paying.

In short no, the cost is not just in making them that can be turned on and off without loss, there are many other costs that cannot be paid if product is not being sold.

I mean really, consider that you yourself invested a billion dollars into new product design and development and all the factories and de

Re:

[fluffernutter]

That's why I don't gamble. If I choose to gamble my money away I don't complain about it

Re:

[VaccinesCauseAdults]

Surely even you would understand that when a grocery store is closed for an extended period, some milk and bread on the shelves and in fridges becomes spoilt and no longer sellable, some wages to workers that were going to stock the shelves or sell the milk is lost, contractual obligations to suppliers for unwanted milk and bread deliveries must be paid, etc? And that’s just a small grocery store. Not a high tech factory with industrial robots, complex production processes and deep supply chains.

Re:

[fluffernutter]

That is products that the store has already purchased. Not the same thing. Yes I agree that there are some costs but every business should plan for losses. A car not being made however is like a cow that hasn't been milked yet

Re:

[VaccinesCauseAdults]

The article provides an adequate summary of the situation.

For instance, it opens with the line: “Jaguar Land Rover has halted production for nearly a month following a major cyberattack, costing an estimated 30,000 vehicles and billions in lost revenue.” It then goes on to outline the impact on suppliers.

The shutdown resulted in billions in lost revenue. Your claim that “cars that were never made haven’t cost anything” is incorrect. When production is disrupted, revenue dec

They should look at the bright side ...

[Qbertino]

... and be glad it's not nearly as much economic damage as that recent absolutely epic hydrogen bomb of a Jaguar rebrand did. ROTFL!

Re:

[AmiMoJo]

Brexit and the fact that LR vehicles are very easy to steal due to a botched keyless entry system probably did more harm. COVID too of course.

Re:

[Viol8]

I just don't understand the rush to keyless ignition systems. Whats the advantage? So you get to keep the key in your pocket instead of the ignition barrel. Hardly the last word in reducing driving effort and just makes the cars easier to steal as you said. Seems to me manufacturers are just sheep jumping on fads - see also touchscreen infortainment systems.

Re:

[AmiMoJo]

Well the keyless entry can be useful. For example my car lets you open the boot by kicking under the bumper, if you have the key on you. Useful when your hands are full.

Anything less than 100% security negates that occasional benefit though.

Re: They should look at the bright side ...

[firewrought]

Small indulgences can have a huge impact on how customers feel about a product. That counts for a lot in the competitive high-end auto market.

Re:

[Megane]

Rusticles can't imagine that there are any vulnerability problems other than memory safety.

Rust will NOT save you from SQL injections or bad passwords.

Dubious Response

[kurt_cordial]

Why are you lecturing me on things I didn't say? If anything you agree with me. But plug my statement into ChatGPT if you need clarity. It implies that without Rust the self-driving simulation can be more thorough. But please, babble on about things I didn't mistake.

Re:

[kertaamo]

Where do you get that nonsense? Rusticles, those that use, Rust know full well that memory safety does not imply security (although it does prevent a whole class of programmer mistakes that could lead to security issues). I don't know any Rust users that are as stupid as you make out there.

Nowhere will you find any statement from the Rust developers or users that Rust would save you from SQL injections, bad passwords or the million other stupid things you can do in code.

Get that IT security right or die...

[gweihir]

We are not quite there yet, but close. And with AI mostly benefitting attackers, we may be there even as early as next year. It is high time that executives that screw up this massively are personally held accountable. With sane, competent leadership, you may be partially down for no more than a few days after such an attack. If the attackers get in at all. A month downtime just says they did not prepare at all and what they has in security was a complete joke.

Re:

[fuzzyfuzzyfungus]

Apropos of leadership accountability...

You know it's bad when those raging communists at Forbes think that your board structure is just shockingly incestuous [forbes.com].

What cost more?

[bradley13]

I wonder what cost more:

- The decision to hand their IT security to an Indian company. Yes, I know Jaguar is also owned by the same Indian holding company - doesn't matter.

- The decision to completely cease production until they could start producing EVs, resulting in months with no new cars being made.

- The idiotic advertising campaign that had zilch to do with cars, and that their customer base found offensive

Actually, looking at that list, I wonder why the entire management teams hasn't been fired.

Re:

[Anonymous Coward]

Actually, looking at that list, I wonder why the entire management teams hasn't been fired.

Because the HR workstations are still locked up from the last ransomware attack and they never reported it to the help desk.

Re:

[ArchieBunker]

This time might be different but I doubt anything was learned by the suits.

Re:What cost more?

[SlashbotAgent]

I want to defend the IT crew. Defending against ransomeware is not easy and recovery is a huge undertaking. It can really happen to anyone.

But, LandRover Jaguar do seem to be making some epically shit decisions on an industrial scale. The vehicles are garbage and look like shit. The advertising is unbelievably laughable. Management decisions are highly questionable...

If they survive at all, it will be a miracle. IT will take the blame. Of this I am sure. But, I am personally loath to blame IT without so much as a root cause analysis and post-incident review.

Re:

[strikethree]

Actually, looking at that list, I wonder why the entire management teams hasn't been fired.

Because success never questions itself.

Time to take IT seriously

[Going_Digital]

Companies like this will never learn, they bring in highly paid IT managers with their MBAs, whose job it is to micro optimise at the expense of the macro function. They listen to the BS being spouted by the sales drones from companies selling IT services, drop all their skilled IT staff and outsource to the cheapest providers. They need to stop treating IT as an expense like their energy bills and start treating IT as a strategic advantage to the company. Having a skilled IT workforce has a cost, but it results in a coherent IT environment and that is reflected in the results of the company.

They've asked for it

[devslash0]

They probably annoyed a blackhat hacker who's into JLR cars with their new branding rework so now they're getting what they deserve.

Have a back-up system in place....

[bsdetector101]

Production areas should be totally offline to prevent this. I worked at Merial Athens, Ga and our filling line was for years, completely off-line. Then Management decided that managers / supervisors should be able to watch the production with real time stats and cameras on site and off site. Told them they just made the area hackable !

Re:

[Entrope]

One can have monitoring systems connected to the Internet without connecting OT or production lines to the Internet -- although that may mean that your adversaries hack your CCTV and watch your people going to work.

And then some moron on the networking team decides it will save a few bucks to run everything as VLANs on a single switch, so that when (not if) that switch gets compromised, everything becomes accessible to attackers. Not that I'm bitter or anything.

Re:

[Pinky's Brain]

VLAN? In the age of microsegmentation? You make one huge LAN and rely on the OS firewalls and some endpoint security. Then you shout zero trust really loud and it scares the hackers away. They didn't shout loud enough it seems.

We Here At Slashdot Would Love To Say...

[classiclantern]

We here at Slashdot would love to say, We told you so but, our systems are not invulnerable and any hubris would be temping fate.

Re:

[timeOday]

When there are billions of dollars on the line, that is going to draw some very, very well-resourced attacks. I don't know if that's what happened here, or if Jaguar's defenses and mitigation plans were just THAT bad. But making a public example this disastrous, of a company that well-known, is like a huge shot in the arm to the extortion industry.

should be some High level execs

[Growlley]

fired and sued - but there won't!

Re:

[AnOnyxMouseCoward]

That's correct. I've seen so many posts here that blame IT, accounting, procurement, whatever. I've worked in large companies most of my life... and very few employees in any function want to do the wrong thing, or would want to prioritize profit over "correct" behavior. That's all the way from entry-level to middle manager (I include director level as middle manager), and including some VPs. People just don't care that much about corporate profit, when the counterbalance to corporate profit is doing a bad

Nothing that another diverse and colorful ad campa

[Lobotomy656]

Jaguar is already gone, they just haven't realized it yet. Cars were shit and sales were falling off a cliff, then UK decided that Brexit was a great idea which made everything 10x worse. So in order to save themselves they decided to appeal to a group of people who don't buy cars, are permanently broke and instead of working fight imaginary societal problems...

Re:

[Viol8]

Actually their last ICE vehicles were pretty good, but had bad marketing and were priced up market rather than the mid market they should have been.

But yes, their recent advertising campaign was just absurd performative virtue signalling which has made them a laughing stock.

Why attack Jaguar?

[roc97007]

They were going down on their own.

Fit and finish

[EmperorOfCanada]

I was in Canary Wharf the other day showing someone the concept of fit and finish. They have the perfect pairing. A BYD dealership right across from a Range Rover one. I showed how the gap in the various external panels just doesn't change on a BYD. That the plastic fittings line up, etc.

Then we went to the RR dealership and my companion was OMFG, these are trash. Then she pointed out that one of the panels had a clearly sweeping design which was supposed to line up with another panels design, but didn't. It just was made wrong.

So, I'm not sure how RR even noticed their systems were hacked. Did they suddenly start making good vehicles and were forced to investigate?