A cyber incident affecting Jaguar Land Rover (JLR) has “severely disrupted” sales and production operations at the car manufacturing giant.
The firm disclosed the incident in a short statement posted on its website on September 2.
“JLR has been impacted by a cyber incident. We took immediate action to mitigate its impact by proactively shutting down our systems,” the statement read.
The firm said it is now working to restart its global applications in a controlled manner.
“At this stage there is no evidence any customer data has been stolen but our retail and production activities have been severely disrupted,” JLR added.
JLR’s parent company Tata Motors reportedly disclosed to the Indian Stock Exchange on September 1 that JLR was suffering from “global IT issues.”
It quoted a statement from JLR which read: “We are working at pace to resolve global IT issues impacting our business. We will provide an update as appropriate in due course.”
🔒 Jaguar Land Rover (JLR) faces global IT issues; Tata Motors monitoring the situation
👉🏻 JLR (Tata Motors’ UK arm) working swiftly to #resolve IT security incident
👉🏻 Company promises timely updates as the situation evolves
👉🏻 No further operational details disclosed yet…
(AoI Ventures, @aoiventures, September 1, 2025)
UK Jaguar Staff Told Not to Come to Work
UK newspaper the Liverpool Echo has reported that JLR staff working at JLR’s Halewood production plant in Merseyside have been told to stay at home and not to come to work as the company continues to respond to the incident.
An email sent to staff on September 2 and seen by the publication read: “The leadership team has agreed that production associates will be stood down and will have hours banked in line with the corridor agreement.”
The message added that all workers will be required to attend on Wednesday September 3 unless informed otherwise.
Autocar reported that car dealers were unable to register new JLR vehicles on September 1 as a result of the incident. The first day of September is traditionally one of the busiest days in the year for new car registrations in the UK.
Commenting on the incident, Jake Moore, global cybersecurity advisor at ESET, said it is likely the attackers deliberately targeted JLR at such an important period for the manufacturer.
“Cybercriminals often aim for the biggest possible disruptive impact on their victims. Striking at a time when more than usual customers are likely to see potential delays with their new vehicle registrations and/or deliveries will have been a tactful decision made by the attackers to deliver their message loudest,” he explained.
Manufacturing is one of the top targets for cybercriminals. The sector's reliance on legacy OT systems, which are often converged with IT applications and devices, creates significant security vulnerabilities.
Additionally, attackers are often able to cause major operational disruption to production lines, resulting in financial and reputational damage to victims. This makes manufacturing a lucrative target for ransomware and extortion attacks.
A new Comparitech report found that manufacturing experienced a 57% increase in ransomware attacks from July to August 2025, from 72 to 113.
Image credit: Richard OD / Shutterstock.com