Jaguar Land Rover (JLR) is grappling with the fallout from a serious cyberattack that has disrupted its operations worldwide.
The car maker, Britain’s second largest, shut down its global IT systems after the breach was detected on Sunday 31 August, initially claiming there was “no evidence any customer data has been stolen.”
Now, in a fresh statement, the company has acknowledged that some data may have been affected, and regulators are being notified as the investigation continues.
Investigations and Ongoing Concerns
JLR has brought in third-party cybersecurity experts and law enforcement to fully assess the breach.
The investigation is ongoing, and the company has promised to contact anyone whose data may have been impacted.
When asked specifically if customer information was affected, a JLR spokesperson declined to comment beyond the official statement.
The cyberattack has forced the temporary shutdown of multiple factories in the UK, Slovakia, India, and Brazil, with operations expected to remain paused for several weeks.
Workers at UK plants in Halewood, Merseyside, Solihull, West Midlands, and Wolverhampton have been sent home and will not return before Monday 15 September at the earliest.
Hackers Claim Responsibility
A group believed to be teenage hackers calling themselves Scattered Lapsus$ Hunters has claimed responsibility for the breach.
This same group previously targeted Marks and Spencer earlier this year.
While the hackers have confirmed they infiltrated JLR systems, they have not clarified whether any sensitive data was stolen or malicious software installed.
However, security experts analyzing shared images believe the group successfully accessed restricted information, including internal troubleshooting instructions and computer logs.
Widespread Operational Disruption
The impact on JLR’s business has been profound. With IT systems offline, dealers cannot register new vehicles, online spare parts catalogues are inaccessible, and diagnostic equipment used to service cars is not working.
This has delayed repairs for existing customers and prevented the production of new vehicles for nearly two weeks.
Inside sources suggest that rebooting the IT systems could take weeks rather than days, and the ripple effects are already affecting suppliers, some of whom have temporarily laid off staff.
Concerns are mounting that government support may be required to help JLR’s supply chain weather the disruption.
Financial Implications
Economists warn that the breach could cost JLR as much as £5 million per day, a catastrophic hit during one of the busiest months for car sales.
Potential buyers may turn elsewhere if dealerships cannot register new models, compounding the financial strain.
Dray Agha, senior manager of security operations at Huntress, told the Daily Mail that the incident “highlights the critical vulnerability of modern manufacturing,” where a single IT system attack can halt physical production and directly affect revenue.
Challenges of Recovery
Restarting complex, interconnected IT systems is no small task.
According to Agha, JLR’s quick shutdown of affected systems likely prevented a major data breach, but the company now faces the daunting challenge of safely restoring operations.
Effective containment and recovery are essential, yet many organizations still lack the tools to detect and neutralize such security intrusions efficiently.
The National Cyber Security Centre is working closely with JLR to provide support and guidance as the company navigates the aftermath of this unprecedented cyberattack.
A Crisis on the Scale of a Pandemic
Industry insiders are calling this JLR’s worst crisis since the COVID-19 pandemic.
With factories shuttered, production stalled, and data concerns unresolved, the car maker faces one of the most challenging periods in its history—just as global demand for vehicles remains high.
The coming weeks will determine how quickly JLR can stabilize operations, reassure customers, and safeguard sensitive information, while also managing the financial and reputational fallout of the attack.