Jaguar Land Rover hit by cyberattack

Manufacturing and retail operations ‘severely disrupted’

Image:

JLR, Halewood. Source: David Long, CC BY-SA 2.0

Jaguar Land Rover (JLR), the British carmaker owned by India’s Tata Motors, has suffered a major cyberattack that has “severely disrupted” its vehicle production and retail operations.

The company revealed it had taken immediate, proactive measures to contain the issue, including shutting down its systems temporarily to mitigate the impact, and is now working rapidly to restart operations worldwide.

The cyberattack, which began on Sunday, coincides with a crucial time for the UK automotive market – the release of new registration plates on 1st September – a traditional period when many customers take delivery of their new vehicles.

Early Monday, employees at JLR’s Halewood plant in Merseyside were instructed via email not to report to work, with some staff sent home, according to media reports.

JLR’s official statement confirmed that while their retail and production activities have been “severely disrupted,” there is currently no evidence that customer data was compromised or stolen.

Despite the disruption, the company stressed that it is “working at pace to restart our global applications in a controlled manner.”

The incident adds to existing pressures on the luxury carmaker, which has been grappling with declining profits partly caused by US tariffs and waning sales.

In the three months leading to June, JLR’s underlying pre-tax profits plunged by 49% to £351 million, impacted by a significant pause in exports to the US.

While a subsequent UK-US trade deal reduced tariffs from 27.5% to 10%, the export halt contributed to nearly a £700 million drop in revenue, down 9.2% year-on-year to £6.6 billion.

Tata Motors’ shares dipped by 0.9% in Mumbai following the disclosure of the cyber incident on Monday, reflecting investor concerns over this fresh operational challenge.

The exact perpetrators behind the cyberattack remain unknown, as JLR has not released further details regarding the discovery timeline or the projected recovery period.

The cyberattack highlights an increasing vulnerability for automotive firms as they digitise further and integrate IT (information technology) with OT (operational technology).

“With operations becoming more digitised, especially with the merging of IT and OT zones, automotive companies are more vulnerable to cyberattacks,” said James Neilson, SVP International at cyber security firm OPSWAT.

“The attack has hit Jaguar Land Rover during one of their busiest times of the year – when new registration plates are launched. This type of situation gives attackers substantial leverage over their victims.”

Legal expert Mark Tibbs, Partner at Mishcon’s Cyber Risk and Complex Investigations practice, praised JLR’s transparent and prompt crisis response but noted the serious implications.

“The severe disruption to retail and production activities highlights just how serious the impacts of cyber attacks can be.”

“While the details of this latest attack have not been made public, it follows unconfirmed media reports from March that JLR was targeted by the Hellcat ransomware group. In that incident, attackers allegedly used stolen Atlassian Jira credentials, obtained by malware, to access internal systems and steal sensitive data.”

“Recent media coverage has also indicated that the impact of the current incident has reached manufacturing, with staff at the Merseyside plant reportedly told to stay home while the company deals with the issues. This underlines the scale of disruption, with production activities halted.”

JLR, headquartered in Coventry with 32,800 employees across 17 UK sites, also faces longer-term challenges.

In July, the company delayed launching its new electric Range Rover and Jaguar models to 2026 from a prior target of late 2025. Concurrently, it announced cuts of up to 500 management roles through voluntary redundancies as it adapts to evolving market conditions.