Jaguar Land Rover (JLR) has suffered a cyberattack that forced the company to shut down core IT systems, halting production and disrupting global sales and vehicle registrations.
The incident began over the weekend and has now entered its second day, with the automaker still unable to confirm when operations will be fully restored.
The breach was first reported on Monday by Autocar, after JLR dealerships across the UK experienced outages preventing new vehicle registrations, on what is typically a peak sales day for the industry. The attack coincided with the release of new license plate numbers on 1 September, a date that often drives a surge in vehicle purchases.
In a public statement issued today, JLR acknowledged the cyber incident, confirming that systems were proactively shut down in response. “We are now working at pace to restart our global applications in a controlled manner,” the company said. JLR also stated that, at this stage, there is no evidence that customer data has been exfiltrated.
While specific technical details of the breach remain undisclosed, the cascading impact on the company's operations has been severe. Production at the Solihull plant in the UK, where key models like the Land Rover Discovery, Range Rover, and Range Rover Sport are manufactured, has reportedly come to a standstill. Although JLR has not officially confirmed which facilities are affected, multiple dealerships have corroborated issues with vehicle handovers and parts supply chains.
JLR, a wholly owned subsidiary of Tata Motors, is one of the UK's largest automotive manufacturers. With a global footprint that includes design centers, manufacturing plants, and software hubs across Europe, North America, and Asia, the automaker produces premium vehicles under the Jaguar and Land Rover marques.
JLR's main website and customer-facing platforms, including its online car configurator, appear to remain operational, suggesting that the attack primarily targeted internal systems.
Although no threat actors have yet claimed responsibility, the nature of the disruption points to a ransomware attack targeting core backend infrastructure. The precise entry vector has not been disclosed, and the company has not publicly stated whether it has engaged law enforcement or external cybersecurity firms.
As of Tuesday evening, no public timeline has been provided for the restoration of services, and customers and dealers alike remain in the dark about when normal operations will resume.
Leave a Reply