By Editor,Rob Hull

Copyright dailymail

Jaguar Land Rover factories will continue to down tools for another week as the car maker confirmed its production pause has been extended until next Wednesday as it continues with its ‘forensic investigation’ into the cyber attack that’s crippled the manufacturer since the beginning of the month. The company has informed staff, suppliers and partners that the factory shutdown enforced from 31 August will continue until 24 September at the very earliest. It means JLR plants in the UK, Slovakia, India and Brazil will not have signed a single vehicle off the assembly line for almost four weeks, with the breach reportedly costing the company £5million per day in lost revenue.

‘We have taken this decision as our forensic investigation of the cyber incident continues, and as we consider the different stages of the controlled restart of our global operations, which will take time,’ a JLR spokesman told Daily Mail. ‘We are very sorry for the continued disruption this incident is causing and we will continue to update as the investigation progresses.’ The latest statement comes a week after JLR officially confirmed that ‘some data had been affected’ by the cyber breach.

The car maker, which was forced to immediately shut down its global online systems following the breach late on Sunday 31 August, had previously stated there had been ‘no evidence any customer data has been stolen’. But last Wednesday it confirmed: ‘As a result of our ongoing investigation, we now believe that some data has been affected and we are informing the relevant regulators. ‘Our forensic investigation continues at pace and we will contact anyone as appropriate if we find that their data has been impacted.’

When pressed by the Daily Mail regarding whether this is customer data, a JLR spokesperson refused to comment beyond the official statement provided. Britain’s second biggest car maker has this month drafted in third-party cybersecurity specialists and law enforcement to understand the full consequences of the attack. The fallout from the cyber breach has been described as the British vehicle manufacturer’s ‘worst crisis since the pandemic’.

While JLR continues to attempt to reboot and reinstate its online applications in a ‘controlled and safe manner’, dealers also face difficulties registering new models during one of the calendar’s busiest months for car sales. In the meantime. online catalogues of spare parts cannot be accessed, and diagnostic equipment used to identify reliability issues are not working, which means thousands of existing customers are already facing repair delays. According to The Times , JLR bosses behind closed doors have conceded that it will take ‘a matter of weeks rather than days’ to bring its systems back online.

Young English-speaking hackers – who are thought to be teens calling themselves ‘Scattered Lapsus$ Hunters’ – earlier this month laid claim to being responsible for the breach of JLR’s systems. This is the same group behind the highly damaging attack on Marks and Spencer earlier in the year. Despite owning up to the breach, they have yet to confirm if they successfully stole private data from JLR or installed malicious software onto the company’s network. However, security experts who have analysed the images shared by the hackers have warned they appear to have successfully accessed information they should not have.

The hacker posted two images just three days after carrying out the cyber attack. These showed apparent internal instructions for troubleshooting a car charging issue and internal computer logs. Co-op, which alongside M&S and Harrods also fell victim to hackers in spring this year, like JLR had originally hinted that customer data had not been accessed. On 30 April the retailer stated that a breach of its IT systems would only have a ‘small impact’ on its call centre and back office. But in July its chief executive issued a grovelling apology after confirming that all 6.5million of its members had their data stolen as a result of the attack .

Experts have warned there will be ‘long tail’ ramifications of the cyber breach for JLR, with suppliers already raising concerns about the impact of its near operation-wide shutdown. Local companies providing parts for its vehicles have already temporarily laid off workforces in response. There have been suggestions that the government could be forced to step in with financial support to cushion the impact on JLR’s suppliers. David Bailey, professor of business economics at Birmingham University, has warned that the cyber breach could cost the car maker a ‘catastrophic’ £5 million a day.

Commenting on the cyber incident, Dray Agha, senior manager of security operations at security specialist Huntress, told the Daily Mail: ‘This incident highlights the critical vulnerability of modern manufacturing, where a single IT system attack can halt a multi-billion-pound physical production line, directly impacting sales, especially during a key period like a new registration month. ‘Cybercriminals know this, and many leverage the stopped clock of business functions as the leverage they need to force capitulation of ransomware demands.’

Agha added that restarting these systems is a ‘complex’ operation. ‘While the quick shutdown of systems was a textbook damage limitation tactic that likely prevented a data breach, it underscores the immense recovery challenge companies now face in safely rebooting complex, interconnected operations after an attack. ‘Containment and recovery are crucial parts of responding to an incident, and many organisations still do not have the detection and response technologies to neutralise security intrusions.’ A spokesperson for the National Cyber Security Centre has said it is working with JLR to ‘provide support’ as it continues to understand the full ramifications of the breach.