JLR will restart car production from Wednesday, more than six weeks after plants were shut down following a cyber attack that incapacitated its entire global business.

This will begin with the Wolverhampton engine plant and Birmingham battery centre tomorrow (8 October), followed by stamping operations in Castle Bromwich, Halewood and Solihull. 

The Solihull body shop, paint shop and logistics centre – which all feed the British car maker’s global operations – will also restart on Wednesday.

Vehicle manufacturing will “closely” follow this and begin at an unspecific point this week, said JLR.

This will start with the Land Rover Defender and Land Rover Discovery lines at Nitra, Slovakia, and the Range Rover and Range Rover Sport lines at Solihull. 

When production at Halewood will restart is currently unknown, but JLR said further updates “will follow”.

The plant currently builds the Range Rover Evoque and Land Rover Discovery Sport and is being transformed as part of a £500 million project to produce JLR's incoming EVs.

In what state production will restart is as yet unknown, but it is expected to initially be restricted, given that JLR has referred to resumption of operations as a “controlled, phased restart”.

On Tuesday (7 October), JLR also confirmed that it's setting up a new financing scheme to pay “qualifying” suppliers ahead of the production restart in an effort to “aid their cash flow in the near term”. 

Suppliers have struggled during the production shutdown, with some having to lay off staff just to stay in business. Such have been the difficulties that MPs stepped in and committees were set up.

“This week marks an important moment for JLR and all our stakeholders as we now restart our manufacturing operations following the cyber incident,” said JLR CEO Adrian Mardell. 

“From tomorrow, we will welcome back our colleagues at our engine production plant in Wolverhampton, shortly followed by our colleagues making our world‑class cars at Nitra and Solihull.

“Our suppliers are central to our success, and today we are launching a new financing arrangement that will enable us to pay our suppliers early, using the strength of our balance sheet to support their cashflows.

“I would like to thank everyone connected to JLR for their commitment, hard work and endeavour in recent weeks to bring us to this moment. We know there is much more to do but our recovery is firmly under way.”​

The cyber attack on 1 September brought all factories to a halt and incapacitated JLR, forcing it to shut down its internal computer systems in an effort to protect data from being stolen.

This resulted in production shutdowns at all of its global plants, created issues with parts ordering and stifled retailers.

The impact on volumes will be made clear when the company releases its production numbers for the quarter, but in the three months to the end of September last year, it produced more than 80,000 cars.

The effect could be costing JLR up to £5 million a day, business economics professor David Bailey has told Autocar.

Government to underwrite £1.5bn JLR loan

The restart announcement comes after the UK government said it will guarantee a £1.5 billion loan to JLR, to help it support suppliers who have been hit by the production shutdown.

The loan to the Tata-owned car maker will be issued by a commercial bank but will be underwritten by the UK government.

As well as costing JLR an estimated £50 million a week, the cyber attack has badly hit JLR's suppliers. 

It's estimated that around 150,000 people are employed by some 700 British firms that supply JLR, and the UK government had been investigating ways to support them, such as a furlough scheme or loans.

It will instead underwrite a single loan to JLR through the Export Development Guarantee (EDG), with JLR repaying the money over a period of five years. 

Business secretary Peter Kyle said on 27 September that the loan guarantee "will help support the supply chain and protect skilled jobs in the West Midlands, Merseyside and throughout the UK".

Chancellor Rachel Reeves added that the loan would help JLR "support their supply chain and protect a vital part of the British car industry".

Since the attack, JLR has been able to restore some of its IT systems following the and has started paying some of its suppliers.

JLR hack: what happened?

Autocar first reported issues affecting JLR on 1 September, when dealers couldn't register new cars on 'new plate day', traditionally one of the year's busiest for registrations.

In an effort to combat the hack, JLR began “shutting down" its systems on 2 September. It has not produced any cars globally since, leading to millions of pounds of lost income.

The extent of the issues meant JLR brought police and cybersecurity experts in to “restart our global applications in a controlled and safe manner”.

During this process, which included an investigation, it was discovered that "some data" was "affected", according to JLR. Those affected will be contacted, the firm said.

It's not officially known what data was taken or if a ransom demand has been made, but it is thought it most likely involves customer data, given the involvement of the police.

Who has claimed responsibility for JLR hack?

On 3 September, a group of hackers calling themselves Scattered Lapsus$ Hunters claimed responsibility for the attack on JLR.

This is the same group that hacked Marks & Spencer in May, causing the British retailer seven weeks of disruption and costing £300 million in lost operating profit.

It claimed to have obtained JLR customer data after exploiting a similar flaw in the car maker's IT system. The claim was made on a Telegram messenger group, where a user linked to the hackers posted a screenshot of what appeared to show JLR's internal system.

A member of the group revealled that a well-known flaw in SAP Netweaver, a third-party software used by JLR, was exploited to access the data.

The US's Cybersecurity and Infrastructure Security Agency warned about the flaw earlier this year. An update for the software was released, but whether JLR applied it is unknown.

It's also not known what data was taken or if a ransom demand has been made of JLR.