Jaguar Land Rover (JLR) has been forced to shut down production and retail operations following a cyber incident that has severely disrupted its IT systems.
The disruption has affected JLR’s two main UK manufacturing sites—Halewood in Merseyside and Solihull in the West Midlands—where workers were told not to attend shifts after systems were taken offline. Retail operations have also been impacted at what is traditionally a peak sales period, coinciding with the release of new 75-plate registrations on 1 September.
JLR confirmed that it had “proactively” shut down systems to contain the incident and is “working at pace to restart global applications in a controlled manner.” The company stressed there is currently no evidence customer data has been compromised.
Shares in Tata Motors, JLR’s Indian parent company, fell by nearly 1% in Mumbai after it notified investors of the disruption. The company described the event as a “global IT issue”, with widespread operational consequences. Cyber security specialists suggested the decision to halt production across multiple sites indicated the seriousness of the incident. “The speed of their response is telling – you don’t typically halt production unless there’s genuine concern about operational impact,” said Oakley Cox, a director at Darktrace.
The UK’s National Crime Agency and National Cyber Security Centre are working with JLR to assess the incident. The source of the attack has not been confirmed, though it comes in the wake of ransomware campaigns against major UK retailers including Marks & Spencer, the Co-op, and Harrods.
The disruption adds to a difficult period for Britain’s largest carmaker. The company recently reported a 49% slump in pre-tax profits to £351m for the quarter ending June, citing US tariffs and falling sales. Revenues dropped 9.2% year-on-year to £6.6bn, while production delays have forced JLR to push back the launch of its new electric Range Rover and Jaguar models until 2026. The company, headquartered in Coventry and employing more than 32,000 people across 17 UK sites, is also undergoing restructuring, with up to 500 management jobs set to go. Leadership changes are on the horizon too, with Tata Motors finance chief PB Balaji due to take over as CEO in November.
The incident highlights the growing threat cyber crime poses to UK businesses. According to the Royal Institution of Chartered Surveyors, more than one in four firms suffered a cyber-attack in the past year. Experts warn many organisations risk “sleepwalking” into major disruption without stronger cyber defences. For JLR, the immediate priority is restoring its systems and resuming production, but the episode underscores the vulnerabilities facing even the most established industrial players as they digitise operations.
Kev Eley, Vice President UKI at Exabeam, an expert in security operations, said: “The recent cyber attack on Jaguar Land Rover (JLR), one of the UK’s most iconic and respected brands, highlights the rising and critical threat facing the country’s automotive and manufacturing sector. What was once considered a risk for IT teams alone is now a direct threat to business continuity, operational resilience, and national supply chains.
“So far, the attack has seen JLR’s manufacturing and retailing activities ‘severely disrupted’ by the incident, forcing systems to be shut down. This comes at a significant time for UK car sales, with the latest batch of new registration plates just becoming available.
“This incident reveals a wider trend in attacker behaviour. Threat actors are no longer just seeking out financial gain, they’re increasingly exploiting operational dependencies and taking advantage of expansive attack surfaces. Despite this, there is no current evidence any customer data has been stolen from the attack.
“What’s clear is that swift incident response remains a critical factor in containing threats and protecting core operations. JLR’s prompt action to isolate its systems is an example of the exact decisive response required in such critical scenarios. This not only limits damage – it also preserves trust and enables faster recovery. But containment is just the beginning.
“Beyond taking rapid action, the manufacturing sector as a whole can strengthen its defences against ever-evolving threat tactics by investing in tools that proactively detect unusual behaviour and automate responses before real damage is done.
“Staying ahead of attackers requires more than just traditional defences. AI-powered detection, behavioural analytics, and automated response systems help organisations reduce downtime, protect data, and gain the edge over modern threats. As critical sectors work to increase their resilience against modern threats, these tools need to be part of a bigger strategy that combines cybersecurity best practices, employee training, and AI-driven security.”
The view of Cody Barrow, CEO of EclecticIQ, a provider of threat intelligence technology, was that the attack was less about opportunistic hacking, and more about strategic business warfare, with the attackers timing the strike for maximum operational and economic disruption.
He said: “The Jaguar Land Rover (JLR) attack reveals cyber crime’s evolution from opportunistic hacking into strategic business warfare. This was no random strike; it was timed with the UK’s critical ‘75 plate’ launch to cause maximum damage.
“Manufacturing floors are now battlegrounds. When production lines come to a halt, the impact isn’t just digital, it’s economic and physical. JLR being hit twice in six months underlines how persistent these attackers are.
“And this isn’t isolated. From M&S to Co-op to Harrods, we’re seeing systematic targeting of UK business infrastructure. Cyber criminals are studying business models, not just IT systems. They’re breaking business operations, not just networks.
“Organisations need to accept they face adversaries who think like strategists. Defences must evolve beyond Monday-to-Friday security, because the attackers are playing 24/7.”


