Jaguar Land Rover has been forced to halt production at its British manufacturing plants after falling victim to a major cyber attack that has “severely disrupted” retail and production activities across the luxury carmaker’s global operations.
The Tata Motors-owned company confirmed on Tuesday that it had shut down its IT systems as a precautionary measure after detecting the security incident, leaving dealers unable to register new vehicles on the crucial “new plate day” when the 75 registration was introduced on 1 September.
Workers at the brand’s Halewood plant on Merseyside were instructed to stay at home following the breach, with production staff told to avoid reporting for their 4.30am shift whilst another group were sent home after arriving at the facility, the Liverpool Echo reported, citing internal communications.
The Liverpool Echo reported that an email sent to employees stated: “The leadership team has agreed that production associates will be stood down and will have hours banked in line with the corridor agreement.” The message confirmed that only workers with “specific skills” would be required to attend work for “essential activities” as the company scrambled to contain the cyber incident.
In a statement to the Indian stock exchange, parent company Tata Motors described the breach as an “IT security incident” whilst JLR confirmed it was “working at pace to restart our global applications in a controlled manner.” The British luxury carmaker stressed there was “no evidence at this stage that any customer data has been stolen” despite the significant operational disruption.
The attack has dealt a severe blow to JLR at a critical time, with 1 September traditionally marking one of the busiest days in the automotive calendar as customers rush to purchase vehicles with new registration plates. Dealers reported being unable to register any new vehicles on the day, potentially costing the company millions in lost sales.
Sources indicate that production at the prestigious Solihull plant, where the flagship Range Rover and Range Rover Sport models are manufactured, has also been halted. The cyber incident is understood to be impacting parts supplies and new car handovers across the dealer network, though JLR declined to confirm specific details or provide a timeline for resolution.
The breach adds to mounting challenges for the British automaker, which has been navigating a complex transformation under outgoing chief executive Adrian Mardell. The executive, credited with delivering 10 consecutive profitable quarters following pandemic losses, announced his retirement in late July after 35 years with the company.
His successor, PB Balaji, currently serving as group chief financial officer at Tata Motors, will become JLR’s first Indian CEO when he takes the helm in November. The 54-year-old executive, who holds degrees from IIT Chennai and IIM Kolkata, has been closely involved with JLR’s transformation over the past eight years and will oversee the rollout of the brand’s flagship electric vehicles.
The cyber attack comes at a particularly sensitive time as JLR prepares for a radical reinvention of its Jaguar brand. The company unveiled its controversial Type 00 concept car at Miami Art Week last November, showcasing a dramatic departure from traditional design that divided opinion. Reform UK leader Nigel Farage branded the new direction “woke,” whilst others praised the bold modernisation.
Mardell defended the polarising rebrand, suggesting critics had been “too harsh” whilst acknowledging it brought “unprecedented attention to the brand at a critical time.” The first production model under Jaguar’s new all-electric strategy, a four-door grand tourer, is scheduled for launch in late 2025.
The incident follows a troubling pattern of cyber attacks targeting JLR throughout 2025. In March, the HELLCAT ransomware group claimed responsibility for stealing 350 gigabytes of sensitive data, including proprietary source code, internal documents, and employee information. Security researchers reported that attackers exploited stolen Atlassian JIRA credentials that had been harvested through infostealer malware over several years.
A second threat actor known as “APTS” subsequently claimed to have accessed JLR systems using credentials dating back to 2021, highlighting potential vulnerabilities in the company’s credential management practices. Hudson Rock CTO Alon Gal noted that many compromised credentials were years old, suggesting the company had failed to implement robust credential rotation policies.
The automotive industry has emerged as a prime target for cybercriminals, with security researchers documenting over 735 significant incidents directly targeting the sector since 2023. Modern vehicles contain over 100 million lines of code and approximately 30,000 components, creating numerous entry points for sophisticated attacks.
JLR joins a growing list of British companies hit by cyber security incidents in recent months amid a global surge in ransomware attacks. The disruption underscores the vulnerability of modern manufacturing operations to digital threats, particularly as automakers undergo rapid digital transformation through connected vehicles and electric infrastructure.
For JLR, the immediate priority is restoring production and retail systems whilst assessing the full scope of the breach. With uncertainty surrounding the attack’s impact and no confirmed timeline for recovery, questions remain about the resilience of UK manufacturing firms as cyber crime becomes an increasingly costly threat.
The company’s public-facing website, including its car configurator, appears to remain operational. However, the full extent of the disruption to JLR’s supply chain, manufacturing capabilities, and dealer network remains unclear as the investigation continues.
Industry experts warn that the exposure of proprietary software code in previous breaches could have long-term implications, potentially allowing hackers to identify vulnerabilities in vehicle systems. As one security analyst noted: “Source code is the digital backbone of modern cars. Exposure means hackers can scour through it, identifying vulnerabilities that could later be exploited.”
The latest incident serves as a stark reminder that no company, regardless of prestige or size, is immune from cyber threats in an increasingly connected automotive landscape.
Follow for more updates on Britannia Daily
