Jaguar Land Rover hit by major cyber incident, halts UK car production
Jaguar Land Rover has been hit by a cyber attack, disrupting production at its UK plants and retail systems. Tata Motors confirms global IT issues.
New Delhi: Jaguar Land Rover (JLR), one of Britain’s most famous carmakers and owned by India’s Tata Motors, has been forced to shut down parts of its production and retail systems after what officials called a "severe disruption” caused by a cyber attack.
The hack struck on Sunday, September 1, just as new UK registration plates were rolling out. By Monday morning, workers at JLR’s Halewood plant in Merseyside were told not to come in, while staff at the Solihull site were also sent home. According to the BBC, the attack was caught while it was in progress, and the company immediately shut down its IT systems to contain the damage.
What happened at JLR
The company has not yet confirmed who was behind the incident, but filings by Tata Motors to the Bombay Stock Exchange described it as an "IT security incidence” impacting global operations.
In a statement, JLR said, "We took immediate action to mitigate its impact by proactively shutting down our systems. We are now working at pace to restart our global applications in a controlled manner.”
At this stage, there is no evidence that customer data was stolen. But the disruption has hit both retail and production activities, coming at a critical time when buyers usually take delivery of new cars.
JLR plants and retail disrupted
Both of JLR’s main UK factories were affected. Workers at Halewood and Solihull reported being told to stay home, and retail systems also went offline. The Liverpool Echo first reported that employees had received emails early Monday morning telling them not to show up for work.
Here’s a quick look at how operations were hit:
| Area impacted | Details |
|---|---|
| Halewood plant | Staff told not to come in on Monday morning |
| Solihull plant | Production disrupted, workers sent home |
| Retail business | Sales systems taken offline during new registration plate season |
| Global IT systems | Proactively shut down to stop spread of the attack |
| Customer data | No evidence of theft so far, company monitoring closely |
A string of UK cyber hits
The JLR attack is the latest in a series of high-profile hacks in Britain. In recent months, Marks & Spencer was forced offline for months after a hack that exposed customer data. Hackers also tried to break into the Co-op Group’s systems earlier this year.
The National Crime Agency confirmed it is aware of the JLR incident and is working with partners to understand the impact.
Why this matters
For JLR, the timing could not be worse. A Reuters report in July revealed delays in the launch of its electric Range Rover and Jaguar models. Now, with production halted and retail operations frozen, the cyber attack piles on fresh pressure.
Cybersecurity experts say ransomware gangs are increasingly targeting large manufacturing and retail companies because disruptions to factories and supply chains can force firms to negotiate quickly. In JLR’s case, the attack comes less than two years after the company signed an £800 million deal with Tata Consultancy Services to accelerate its digital transformation and boost cybersecurity.
What JLR says next
Tata Motors’ BSE filing on September 1 said, "We are working at pace to resolve global IT issues impacting our business. We will provide an update as appropriate in due course.”
As of now, operations are slowly being restarted in a controlled manner, but the fallout could take days to fully measure. With the UK car market already battling cost hikes and global tariff pressures, this incident adds yet another twist.