Jaguar Land Rover Operations Crippled From Cyber Attack

Jaguar Land Rover (JLR) has reportedly been forced to suspend production and and even sales while it restarts operations following an assumed cyber attack.

According to The Guardian, the India-based Tata Motors’ Global IT department has been working to address potential vulnerabilities for its Jaguar and Land Rover brands. In the meantime, production and retail operations are being paused. Workers at the Halewood Assembly Plant in Merseyside, England, have confirmed that they were told not to come in on Monday morning so that the matter could be dealt with.

From The Guardian:

One cybersecurity specialist said the speed of the shutdown underlined the seriousness of the threat facing JLR’s operations.

“JLR’s decision to proactively shut down global manufacturing suggests this attack may have been targeting their operational systems, not just customer data,” said Oakley Cox, a director at the UK cybersecurity firm Darktrace. “The speed of their response is telling – you don’t typically halt production across multiple sites unless there’s genuine concern about operational impact.”

JLR did not give more details about who was behind the cyber incident, when it was discovered or how long it would take to recover from it.

The UK’s National Cyber Security Centre was contacted for comment.

Very little information about what actually happened has been released and that may simply be because nobody at the company actually knows. But Jaguar Land Rover has stated that it doesn’t believe there was a data breach.

“We are now working at pace to restart our global applications in a controlled manner,” JLR said in a brief statement. “At this stage there is no evidence any customer data has been stolen but our retail and production activities have been severely disrupted.”

Hacker groups have claimed to have obtained data from JLR in the past, however. In March of this year, the Hellcat ransomware group claimed to have stolen data from the automaker. Breaches were said to include corporate documents, proprietary source codes, tracking information, employee data and more. Jaguar Land Rover downplayed the situation, noting that it was not the only business dealing with the issue.

March of 2025 saw a rash of cyber attacks, most of which were said to be ransomware incidents that locked companies out of their own systems. It seems plausible that what happened to JLR this week could be similar. Automakers have likewise exposed themselves to more incidents as they’ve digitized their vehicles and turned to companies like Amazon to handle their cloud computing. Relative to the past, there’s just more data to scoop up and more places to nab it from now that practically everything has been connected to the internet.

[Images: Jaguar Land Rover]

Become a TTAC insider. Get the latest news, features, TTAC takes, and everything else that gets to the truth about cars first by  subscribing to our newsletter.