Jaguar Land Rover Cyberattack Brings Global Operations to a Standstill

Jaguar Land Rover (JLR), the UK’s largest car manufacturer, has experienced a severe cyber incident that forced it to shut down its global IT systems, causing major disruption to production and retail operations. The company reported no evidence of customer data being compromised, but dealerships have been unable to register vehicles, and several manufacturing sites were closed as a precaution.

The incident, which occurred during one of the busiest sales weeks of the year for UK car dealerships, is the second known cyberattack on JLR in 2025.

While the company has not confirmed whether ransomware was involved, cybersecurity experts suggest the shutdown behavior and operational impact point strongly in that direction.

JLR says it is working swiftly to restore systems in a controlled manner.

Why It Matters: This incident underscores cyber risks facing automotive manufacturers who are becoming increasingly reliant on interconnected digital systems for production and sales. The timing and scale of the attack suggest targeting by threat actors during peak commercial activity, while the recurrence of breaches raises urgent questions about JLR’s cyber resilience and preparedness.

• Global Shutdown of Production and Retail Systems: Jaguar Land Rover confirmed the disconnection of its global systems after detecting the attack, resulting in widespread disruptions. Production was halted at several UK sites, including the Halewood and Solihull plants, and retail outlets could not process vehicle registrations or supply parts. The outage struck at a particularly sensitive time, as dealerships were set to launch new 75-plate vehicles which typically marks a revenue peak in the UK car market.

• Company Response Focused on Damage Control and Recovery: In statements to the media and its parent company, Tata Motors, JLR emphasized its swift response to the incident by initiating a controlled system shutdown. The company is now focused on restoring global applications at speed, but has not provided a timeline for full recovery. Although there is no indication that customer data has been compromised, the scale of the disruption indicates that internal operational systems, potentially including production line automation and supply chain logistics, may have been directly targeted.

• No Group Has Claimed Responsibility: Cybersecurity analysts suggest the shutdown’s behavior and significant disturbance align with typical ransomware attacks, yet no known ransomware group has claimed responsibility. Notably, in March 2025, the Hellcat ransomware gang alleged it had accessed JLR systems and extracted sensitive data. As it remains unclear whether this latest attack is related or represents a continuation of that breach, experts are raising concerns about unresolved vulnerabilities in the company’s infrastructure that may have been reexploited.

• Financial and Operational Impact Comes at a Difficult Time: The attack’s timing compounds existing financial pressures for Jaguar Land Rover. In recent months, the company has faced falling profits, delays in launching key electric vehicle models, and a temporary pause in exports to the US due to tariffs. The attack increases strain by also potentially impacting revenue during one of the year’s busiest retail periods. Parent company Tata Motors saw a dip in share price following disclosure of the attack, reflecting investor concerns about prolonged operational downtime.

• Wider Implications for Automotive Cybersecurity: Industry experts warn that modern manufacturing has become deeply dependent on digital systems, making it increasingly vulnerable to cyber threats. Repeated targeting of JLR and other UK retailers earlier in the year shows the need for heightened cyber defense protocols in sectors where downtime equates to multimillion-pound losses.

Go Deeper -> Jaguar Land Rover manufacturing and retail ‘severely disrupted’ by cyber incident – The Guardian

Jaguar Land Rover Operations ‘Severely Disrupted’ by Cyberattack – SecurityWeek