Jaguar Land Rover hit by cyber attack forcing production shutdown at UK plant
Jaguar Land Rover (JLR) has been forced to halt production and retail operations after a cyber attack disrupted its global IT systems, with staff at its plant on Merseyside told not to report to work.
The incident prompted the UK’s biggest carmaker to take its systems offline as a precaution.
In a statement, JLR said it was “working at pace to restart our global applications in a controlled manner” and stressed there was “no evidence” that customer data had been stolen.
Emails sent to staff at Halewood confirmed that shifts had been cancelled and hours banked under the site’s corridor agreement.
While some specialist staff are being kept on, production associates were told to remain at home.
Oakley Cox, director of product at Darktrace, said: “JLR’s decision to proactively shut down global manufacturing suggests this attack may have been targeting their operational systems, not just customer data.”
“The speed of their response is telling – you don’t typically halt production across multiple sites unless there’s genuine concern about operational impact.”
IT blackout amid UK cyber spree
The disruption comes at a sensitive moment for the company.
Dealers told Autocar they were unable to register new vehicles on 1 September, the day new 75 registration plates were launched, typically one of the busiest dates in the automotive calendar.
JLR’s parent company Tata confirmed the incident in a filing to the Indian stock exchange, referring to it as an “IT security incidence”.
The group has not provided further details on the nature of the attack or how long systems may remain offline.
The attack on JLR follows a string of high-profile cyber incidents across the UK retail sector this summer.
Co-op last confirmed its membership platform had been breached in May, affecting up to 6.5m customers, while Marks & Spencer told MPs an April attack had cost the business £300m.
Data from Abnormal AI suggests a clear seasonal pattern in retail-focused cyberattacks, with the second quarter consistently seeing a spike as criminals exploit busy trading periods.
The National Crime Agency has recently stepped up investigations into ransomware groups thought to be targeting UK companies.
In June, it arrested four individuals accused of attacks on major retailers including Harrods and M&S.
For JLR, the immediate priority is restoring production and retail systems.
But with uncertainty still surrounding the scope of the attack, questions remain over the resilience of UK manufacturing firms as cyber crime becomes an increasingly costly threat.