Publish date: 05.09.25

Jaguar Land Rover (JLR), Britain’s premier luxury carmaker and a subsidiary of India’s Tata Motors, is currently grappling with a major cyber attack that has brought operations to a near standstill. The incident, first detected on Sunday 31 August, has forced the company to shut down systems across its network, causing severe disruption to both production and retail operations worldwide.

Production at key UK facilities including Halewood in Merseyside, Solihull in the West Midlands, Wolverhampton, and Castle Bromwich has been suspended. Thousands of workers have been instructed to remain at home until at least Tuesday 9 September, though the date is subject to review as investigations continue. The timing could hardly be more damaging, as the disruption coincides with the launch of the new ‘76’ registration plates, one of the busiest periods of the year for new car sales.

Retail operations have also been heavily affected, with dealerships unable to carry out diagnostics, order parts, register new vehicles or complete customer handovers.
Responsibility for the attack has been claimed by a group calling itself Scattered LAPSUS$ Hunters, a collective said to combine members of Scattered Spider, Lapsus$ and ShinyHunters. The group published screenshots on Telegram that appear to show access to JLR’s internal IT systems. Adding to the confusion, an individual known as “Rey,” linked to the Hellcat hacking group and previously associated with a breach at JLR in March, has also claimed involvement.

Cybersecurity experts caution that overlapping claims and identities are making it difficult to confirm exactly who is responsible. The UK’s National Crime Agency is now investigating, with support from regulators including the Information Commissioner’s Office.

JLR has stressed that there is currently no evidence of customer data being stolen. Nevertheless, the company has informed the ICO and is continuing to assess the potential impact given the scale of the disruption. Supply chains, dealerships and repair centres have already been hit hard, and suppliers are bracing for further financial losses.

The incident could not have come at a worse time for JLR, which is already navigating declining profits, new US tariffs, and weak consumer confidence. Industry experts say the timing and scale of the attack appear carefully chosen to cause maximum disruption during a critical sales period.

The investigation began immediately after the attack was detected on 31 August. The operational impact has been severe, with plants closed and workers stood down, while dealerships have been unable to process new registrations or sales at the very moment new plates are being launched. Although there has been no confirmed theft of customer data so far, the full regulatory and financial consequences of the breach remain unclear.

This remains a fast-moving situation. Updates will follow as Jaguar Land Rover works to restore its systems, regulators continue their inquiries, and investigators seek to identify the attackers with certainty.

The Case for Cyber Vigilance

The Jaguar Land Rover attack is a stark reminder that even the largest and most technologically advanced businesses remain vulnerable to cyber criminals. With modern supply chains and retail networks growing increasingly complex and interconnected, organisations must ensure they have the right protections in place to defend against attacks that can ripple across entire industries.

This is where trusted partners like Xeretec can play a vital role. By providing advanced IT security services, robust endpoint protection, and ongoing monitoring across multiple environments, Xeretec helps organisations strengthen their defences and respond quickly to potential breaches