Jaguar Land Rover was forced to shut down production and retail systems this week after a cyberattack disrupted operations at key UK sites, including the Halewood plant in Merseyside, the company said on Tuesday. JLR described the disruption as “severe” and confirmed it had taken systems offline as a precaution while it works to restore operations in a controlled manner. The carmaker said there was no evidence that customer data had been stolen.
The incident began as Britain’s “75-plate” registrations hit showrooms, among the busiest weeks of the year for dealers. Workers at Halewood were told early on Monday not to report for duty as the company enacted a protective shutdown across applications that support manufacturing and sales. Dealers reported they could not register new cars on Monday, compounding the timing problem during plate-change week.
A group of English-speaking hackers with links to the attack on Marks & Spencer this year claimed responsibility on Wednesday via a Telegram channel that combines the names of Scattered Spider, Lapsus$, and ShinyHunters. The channel posted a screenshot that appeared to show access to internal JLR systems. Britain’s National Crime Agency said it was aware of the incident and was working with partners to understand its impact.
Operational fallout has extended beyond JLR’s plants. Industry sources told The Guardian that suppliers, which make just-in-time deliveries to JLR factories, could lose tens of millions of pounds in sales if stoppages persist. The dealer network’s registration issues on Monday added pressure during a crucial sales window.
The company’s parent, Tata Motors, told investors JLR was “working at pace” to resolve global IT problems affecting the business. Tata Motors shares fell about 0.9 percent in Mumbai on Monday after the disclosure.
The attack lands as JLR is managing a challenging year. Underlying pre-tax profit fell 49 percent to £351 million in the quarter to June. The company delayed the launches of its electric Range Rover and next-generation Jaguar models until 2026 and announced up to 500 management job cuts in July.
PB Balaji, currently Tata Motors’ chief financial officer, is due to become JLR’s chief executive in November, succeeding Adrian Mardell, who is retiring. Earlier this year, JLR paused exports to the United States amid tariff uncertainty; a subsequent UK–US deal reduced those car export tariffs, but only after the quarter in which profits fell.
This incident is not JLR’s first run-in with cybercriminals this year alone. In March, hackers affiliated with the HELLCAT group claimed to have leaked internal material, including source code and employee details, which researchers later reported a second data dump by a separate actor. While those earlier breaches focused on data, the current episode underscores the operational stakes when attackers reach systems tied to production and retail.
JLR has invested heavily in its digital backbone. In September 2023, it expanded a five-year partnership with Tata Consultancy Services valued at more than £800 million to simplify and manage its IT estate and accelerate digital transformation. That outlay is now being tested by the demands of recovery and the need to harden the boundary between administrative networks and factory-floor systems.
The company said it is restoring applications in phases and declined to provide a timeline for full resumption of normal operations. As of Tuesday, it maintained that no evidence had emerged of stolen customer data, even as manufacturing and retail remained severely disrupted.
