Lauren Almeida and Dan Milmo 

Jaguar Land Rover manufacturing and retail ‘severely disrupted’ by cyber incident

Carmaker says it has shut down its systems but there is no evidence customer data has been stolen
  
  

Jaguar Land Rover assembly line at Halewood: a dark grey vehicle is at the front of the image framed by bright lighting.
Jaguar Land Rover told workers at the Halewood plant, Merseyside, not to come into work on Monday morning, the Liverpool Echo reported. Photograph: Simon Kirwan/Alamy

Jaguar Land Rover’s manufacturing and retailing activities have been “severely disrupted” by a cyber incident, forcing it to shut down its systems.

Britain’s largest carmaker said there was no evidence that any customer data had been taken.

“We are now working at pace to restart our global applications in a controlled manner,” JLR said in a brief statement. “At this stage there is no evidence any customer data has been stolen but our retail and production activities have been severely disrupted.”

JLR said it had “proactively” shut down its systems and taken “immediate action to mitigate” the impact.

The Liverpool Echo reported that workers at the company’s Halewood plant in Merseyside were told early on Monday morning not to come into work because of the incident.

Shares in JLR’s Indian owner, Tata Motors, fell by 0.9% in Mumbai after it informed investors of a cyber incident on Monday. JLR told its parent company that it was “working at pace to resolve global IT issues impacting our business”.

One cybersecurity specialist said the speed of the shutdown underlined the seriousness of the threat facing JLR’s operations.

“JLR’s decision to proactively shut down global manufacturing suggests this attack may have been targeting their operational systems, not just customer data,” said Oakley Cox, a director at the UK cybersecurity firm Darktrace. “The speed of their response is telling – you don’t typically halt production across multiple sites unless there’s genuine concern about operational impact.”

JLR did not give more details about who was behind the cyber incident, when it was discovered or how long it would take to recover from it.

The UK’s National Cyber Security Centre was contacted for comment.

In April, Marks & Spencer revealed it had been the victim of a devastating cyber-attack which resulted in the closure of its online store for almost seven weeks and cost it hundreds of millions of pounds.

The Co-op was attacked in the same month and forced to shut down parts of its IT system. Both had been targeted by ransomware, which locks up a victim’s computer files.

JLR has given no indication that its incident also involves such malware, but in a separate and unconfirmed incident in March, the Hellcat ransomware group claimed it had extracted data from JLR’s systems. JLR has been contacted for comment about the Hellcat claim.

In May, the luxury retailer Harrods said that it had been targeted, and restricted internet access across its websites after attempts to gain unauthorised access to its system. Four people including three teenagers have been arrested at UK addresses as part of an investigation into the trio of retail cyber-attacks.

The disruption at JLR comes as it faces falling profits amid the impact of US tariffs and declining sales.

The carmaker reported that underlying pre-tax profits fell by 49% to £351m in the three months to June, which included a period when the company temporarily paused exports to the US.

A subsequent trade deal between the UK and the US cut car export tariffs from 27.5% to 10%. However, the pause contributed to a near £700m drop in revenue, down 9.2% year on year to £6.6bn.

It is one of the busiest weeks for car retailers, with UK dealerships selling their first 75-plate vehicles. Autocar reported that JLR dealers had been unable to register cars with the new plate.

JLR also said in July that it had to delay the planned launches of its new electric Range Rover and electric Jaguar models until 2026, after initially aiming for late 2025. The company told staff over the summer that it would axe up to 500 management jobs in the UK as part of a voluntary redundancy round.

The carmaker, which is headquartered in Coventry, employs 32,800 people in the UK across 17 different sites. Last month it announced PB Balaji would become its new chief executive and would take the reins in November.

Balaji, who is the group finance chief of Tata Motors, will become the British firm’s first Indian chief executive. He will replace Adrian Mardell, who is retiring after three years in the top job and 35 years working for the company.

More than one in four UK businesses had been the victim of a cyber-attack in the past year and many more risked “sleepwalking” into such disruption unless they took urgent action, according to a survey of facilities managers, service providers and consultancies undertaken by the Royal Institution of Chartered Surveyors (Rics).

 

Leave a Comment

Required fields are marked *

*

CAPTCHA

*