Jaguar Land Rover factories shut by cyber attack, employees sent home

Jaguar Land Rover has suspended production at three UK plants for more than two weeks after a cyber attack forced the carmaker to shut down IT systems and brace for data exposure.

The company said sites at Solihull, Halewood and Wolverhampton will remain closed until at least next week. Workers have been told not to report until Wednesday at the earliest, leaving output of more than 1,000 vehicles a day on hold. The BBC reported that the disruption means JLR will lose more than two weeks of global production.

The Financial Times reported that JLR took its IT systems offline on 1 September after detecting the hack. With production lines and parts logistics highly automated, the move paralysed manufacturing.

Dealerships were unable to process sales in what is usually a peak trading period, and garages initially struggled to secure replacement parts. The company has since introduced workarounds, but disruption continues across the supply chain.

Suppliers have also been hit. One Midlands-based parts manufacturer told the Guardian the stoppage had “knocked the timetable back by weeks” and created a bottleneck in deliveries.

Data risk confirmed

In a statement on Wednesday, JLR admitted that information “may have been affected” in the incident. “As a result of our ongoing investigation, we now believe that some data has been affected, and we are informing the relevant regulators,” the company said. “We will contact anyone as appropriate if we find that their data has been impacted.”

The BBC confirmed that the Information Commissioner’s Office has been notified.

A group calling itself Scattered Lapsus$ Hunters has claimed responsibility. The Telegraph reported that the same hackers were behind an attack on Marks & Spencer earlier this year which crippled its online sales for months and cost the retailer an estimated £300m.

JLR has not verified the claim but security experts said the group’s track record makes the attribution plausible.

Business minister Chris Bryant met JLR chief executive Adrian Mardell on Thursday. He told MPs earlier in the week that the National Cyber Security Centre, part of GCHQ, had been assisting the company since the attack was identified.

The Department for Business and Trade said it remains in daily contact with JLR, while local MPs are due to receive a briefing on Friday.

The production stoppage comes at a sensitive time for JLR, which is investing billions in electrification and supply chain modernisation. Analysts told the Financial Times the loss of more than two weeks of output will weigh on quarterly results and could slow progress on key launches.

“The dependency on digital systems means the defensive step of shutting down IT also shuts down the business,” one consultant told the Guardian. “That is the real cost of cyber exposure in modern manufacturing.”

JLR has said it is working “around the clock” to restore systems securely and resume production. For now, uncertainty remains over when full output will restart and whether customer or supplier data has been compromised.

The incident highlights the rising threat of cyber disruption in the automotive sector. As manufacturers accelerate their digital transitions, regulators and investors will be watching how JLR balances recovery with its strategic pivot to electric vehicles.