Jaguar Land Rover hit by cyber attack that halts production and new-car registrations
Company shuts down IT systems after Sunday breach; dealers unable to register new '75' plates and repairs and parts ordering disrupted

Jaguar Land Rover said it was working "around the clock" to restore IT systems after a cyber incident identified on Sunday forced the British car maker to shut down global computer systems, halting production at key UK plants and preventing dealers from registering new vehicles.
The company said it had taken "immediate action to mitigate its impact by proactively shutting down our systems" and was "working at pace to restart our global applications in a controlled manner." The disruption has affected showrooms, franchised garages and suppliers and left dealers unable to register cars displaying the new "75" licence plate that went into use on Sept. 1.
The breach prompted Jaguar Land Rover (JLR), which is owned by Tata Motors, to instruct factory workers at its plants in Halewood, Merseyside, and Solihull, in the West Midlands, and at its engine plant in Wolverhampton, not to attend work until at least Tuesday while systems remained offline. The company said it was working with third-party cybersecurity specialists and law enforcement agencies to investigate the incident and understand its full consequences.
Dealerships reported being locked out of online ordering and registration systems, forcing some to use more arduous manual processes to place orders and complete vehicle registrations. Independent and franchise garages said they could not access diagnostic tools or electronic parts catalogues provided by JLR, raising concerns that owners of Range Rover and Jaguar vehicles could face lengthy delays for routine repairs and parts replacements.

Parts suppliers and dealerships told the company the outage had put some into "panic and recovery mode," according to people familiar with the matter. Industry observers noted the timing was particularly disruptive because September is one of the two busiest months in the UK car retail calendar, when manufacturers and buyers commonly align with the biannual number plate change.
Several hacking groups have claimed responsibility for the attack. Two groups that have previously claimed involvement in intrusions against other UK retailers issued messages saying they had exploited a flaw in JLR's systems and boasted of accessing customer data. Jaguar Land Rover said that "at this stage there is no evidence any customer data has been stolen," and that it had acted to protect sensitive information by isolating affected systems.
JLR declined to provide further detail on the nature of the breach, the systems affected or whether it had received any ransom demand. Representatives for the groups that claimed responsibility could not be verified independently, and law enforcement investigators are probing the incident, according to JLR's statement.
The outage has had immediate operational effects. Franchised dealers rely on JLR's electronic catalogues and diagnostic connections to identify faults, order replacement parts and complete warranty work. With those services unavailable, dealers said they were unable to source parts through the usual channels and were advising customers that repairs might be delayed. One industry estimate cited in reporting suggested more than a million Jaguar and Range Rover vehicles could be indirectly affected if parts ordering and diagnostics remain offline for an extended period.
JLR said it was prioritising restarting applications in a "controlled and safe manner" and thanked customers, partners, suppliers and colleagues for their patience. The company said it would provide updates as the investigation progressed.
Cybersecurity experts noted that automotive manufacturers have become increasingly attractive targets as vehicles, factories and retail operations grow more reliant on interconnected IT systems. Attacks that force companies to isolate networks to prevent further intrusion can significantly disrupt production, sales and aftercare services, and can complicate supply chains that depend on real-time ordering and inventory systems.
Earlier this year several major UK retailers reported digital intrusions; the groups that have claimed responsibility for the JLR disruption previously said they were behind incidents affecting other firms. JLR's cooperation with law enforcement and external security specialists follows standard incident-response practice for major breaches, but investigators will need time to determine the point of entry, the scope of any data access and whether criminal actors sought financial reward.
Until systems are fully restored, dealers and owners are likely to face a mixture of delayed registrations, longer repair wait times and constrained parts availability. JLR has not given a timetable for a full resumption of normal operations and said the situation remained under review.

The incident underscores the broader cybersecurity challenges facing manufacturers as digital and physical operations converge. Regulators and industry groups have in recent years urged car makers and suppliers to adopt rigorous cyber resilience measures, including segmentation of critical systems, incident response rehearsals and third-party risk management, to limit the operational fallout when breaches occur. Jaguar Land Rover's public statements emphasise containment and recovery while investigations continue.
Sources
- Daily Mail - Money - Jaguar Land Rover suffers cyber attack: British car maker has sent factory staff home and dealers can't register any new cars with '75' plates
- Daily Mail - Money - Jaguar Land Rover 'working around the clock' to restore IT systems following Sunday's cyber attack
- Daily Mail - Money - M&S and Co-op hackers claim responsibility for cyberattack on Jaguar Land Rover that crippled production lines - and could leave it open to ransom demands
- Daily Mail - Money - Cyberattack halts new car registrations for Jaguar Land Rover
- Daily Mail - Money - More than a million Range Rover and Jaguar drivers face lengthy repair delays after cyber attack crippled garages as well as showrooms
- Daily Mail - Money - Jaguar Land Rover factory workers told to stay home until at least Tuesday as it grapples with cyber attack