Jaguar Land Rover (JLR), one of Britain’s most iconic car manufacturers, is facing one of its biggest challenges in years after a major cyber attack crippled its global IT systems.
The disruption has rippled through its entire business, from production plants to showrooms, and even parts suppliers who depend on JLR for work.
A Race Against Time to Fix the Systems
In a statement, JLR said it is “working around the clock” to get its applications back online in a safe and controlled way.
To speed up recovery, the company has brought in external cybersecurity experts and is cooperating with law enforcement.
Despite these efforts, the scale of the disruption has forced the automaker to take dramatic measures, including telling UK factory staff to stay home until at least Tuesday.
Factories Fall Silent
The attack hit over the weekend, forcing a production shutdown across JLR’s plants in Halewood, Solihull, and Wolverhampton.
Notices sent to workers confirmed that shifts scheduled for September 5 and 8 were canceled, with staff banking hours under existing agreements.
Employees have been told to return on September 9—though it’s feared the shutdown could drag on longer if the crisis isn’t resolved quickly.
Dealers and Customers Left Struggling
It isn’t just factories feeling the pressure. JLR dealers have been locked out of key systems, making it difficult to register new vehicles.
With the new “75” number plate release—one of the busiest sales periods of the year—the timing couldn’t be worse.
Some retailers have resorted to manually phoning the DVLA to get cars registered, a far slower process.
Meanwhile, repair shops are struggling to access parts and diagnostics, leaving thousands of customers in limbo.
Hackers Claim Responsibility
The group behind the attack is said to be “Scattered Lapsus$ Hunters,” a collective of young English-speaking hackers.
The same group previously targeted Marks & Spencer.
While they claim to have infiltrated JLR’s systems, it’s unclear whether they managed to steal sensitive customer data or install malicious software.
So far, JLR insists there is “no evidence” of data theft, though the hackers have leaked internal instructions and computer logs suggesting they had deep access.
Suppliers Feel the Heat
Suppliers, too, are caught in the fallout.
Shaun Adams, head of Qualplast, which makes interior parts for JLR and other carmakers, admitted his company had to go into “panic and recovery mode.”
Short shutdowns are manageable, he said, but if delays stretch on for weeks, the impact on their own sales and future planning could be severe.
Customer Support Still Running
JLR has stressed that while its IT systems remain down, support services are still operating.
Retailers are using local stock to carry out repairs, roadside assistance vans are active, and dealerships remain open for customers.
Still, the company acknowledged the frustration caused, thanking customers, suppliers, and partners for their patience.
Why the Timing Hurts Most
September is a crucial month for car sales in the UK, with the launch of the new number plate format.
Buyers often wait for this period to register new vehicles, making it one of the busiest times of the year for JLR.
Cyber experts say attackers may have chosen this moment deliberately, knowing that delays now would cause maximum disruption.
Experts Warn of Growing Threat
Security specialists argue the incident highlights how vulnerable modern manufacturing is to cybercrime.
A single system failure can shut down billion-pound production lines.
While JLR’s quick shutdown likely prevented worse damage, experts warn recovery will be complex and slow.
They also caution customers and employees to remain vigilant for suspicious messages and to use stronger security protections, such as multi-factor authentication.
Looking Ahead
JLR is still trying to bring its systems back online, and while showrooms remain open, its core operations are far from normal.
Much depends on whether the company can restore its networks in the coming days—or whether the disruption stretches deeper into September.
One thing is clear: this attack has exposed just how much even the biggest names in industry rely on digital resilience.