Jaguar Land Rover extends factory shutdown after cyber attack
Car maker's UK plants and overseas facilities remain idle as firm works with security specialists and law enforcement to restore IT systems
Jaguar Land Rover said its factories in the UK and abroad will remain closed until at least Wednesday after a cyber attack forced the company to shut down its IT systems on Aug. 31.
The carmaker said production at its Halewood and Solihull plants and its Wolverhampton engine facility has been suspended since the outage, and that affected sites in Austria, China and India were also unable to operate. Staff who work on production lines have been told to remain at home.
JLR, which is owned by India’s Tata Motors, said it shut down systems to protect them from damage and was working around the clock to restart networks "in a controlled and safe manner". The company said it was liaising with third-party cyber security specialists and law enforcement as it investigates the incident. Last Thursday the company had instructed staff to stay at home until at least Tuesday; that period of absence has now been extended to Wednesday.
The stoppage has disrupted the wider supply chain and dealer operations. Under normal circumstances JLR builds about 1,000 cars a day. Suppliers have reported knock-on effects, with some firms understood to have told their own staff not to come into work. Dealerships were initially unable to register new cars and garages that service JLR vehicles reported problems ordering parts, although sources said workarounds had been put in place to allow some transactions to continue.
The attack occurred just as a popular period for vehicle deliveries began: the latest batch of new registration plates became available on Monday, Sept. 1. Industry observers said the timing has complicated efforts by dealers and customers to complete deliveries and registrations.
A group of English-speaking hackers that has claimed responsibility for other attacks on U.K. businesses, including Marks & Spencer earlier this year, claimed credit for the JLR intrusion on the messaging app Telegram within days of the incident, according to reports. Security experts reviewing screenshots shared by the group said the images suggested the attackers had gained access to information they should not have. It is understood the group attempted to extort money from the firm. JLR told the BBC last week it was aware of the claims and was investigating.
Shaun Adams, who manages parts supplier Qualplast, told the BBC that a prolonged shutdown would be "concerning" for his business and could prompt suppliers to consider how to "future-proof" operations if disruptions persist.
JLR has not confirmed how long the outage will ultimately last and declined to comment on media reports suggesting the disruption could continue for several weeks. The company said it would provide updates as networks are restored and normal production resumes.