Jaguar Land Rover “did the right thing” shutting down systems to thwart cyber attack

Jaguar Land Rover dealership with Jaguar and Land Rover logos pictured on a sign. — (Image credit: Getty Images)

Jaguar Land Rover was forced to shut down production systems over the weekend after being hit with a cyber attack, the company has revealed.

The car manufacturer said it acted immediately to mitigate the attack by proactively shutting down systems in a move that thwarted attackers.

"We are now working at pace to restart our global applications in a controlled manner," JLR said in a statement. "At this stage there is no evidence any customer data has been stolen but our retail and production activities have been severely disrupted."

According to the BBC, the attack took place on Sunday, with employees at the company's plants in Halewood, Merseyside, and Solihull in the West Midlands sent home or told not to come into work the following day.

"JLR's decision to proactively shut down global manufacturing suggests this attack may have been targeting their operational systems, not just customer data," said Oakley Cox, director of operational technology of product at Darktrace.

"The speed of their response is telling - you don't typically halt production across multiple sites unless there's genuine concern about operational impact."

The attack appears to have been carefully timed, coming just as new registration plates are launched - the company's busiest time of year. Attacking over the weekend, meanwhile, meant that Jaguar Land Rover was less likely to able to respond and contain the threat.

No ransomware group has claimed responsibility. However, the automotive sector is becoming a highly attractive sector for hackers, thanks to increasing digitization and growing integration between IT and operational technology (OT).

According to Upstream Security’s 2025 Automotive & Smart Mobility Cybersecurity report, attacks against the automotive sector are on the rise - and getting bigger. The number of 'massive-scale' incidents, impacting millions of vehicles, more than tripled between 2021 and 2023, rising from 5% to 19%.

Jaguar Land Rover “did the right thing”

Nivedita Murthy, senior security consultant at Black Duck, said Jaguar Land Rover “did the right thing” by shutting down IT systems, which likely helped prevent the attack from spreading further and causing additional damage.

“As part of the post-incident activity, they would be able to identify how the attackers were able to access the systems and take advantage of them,” Murthy added.

Conversely, Nick Tausek, lead security automation architect at Swimlane, said the move raises serious questions about how organizations should react to security incidents.

"It is tentatively reassuring to see that, as of yet, no impact on customer data has been reported. However, entirely shutting down production and retail operations is not a sustainable countermeasure for cyber attacks," he said.

"JLR, as well as other automobile manufacturing organizations, should use this as a lesson in the importance of proactive cybersecurity."

This isn’t the first time the car manufacturer has fallen victim to a cyber attack. Earlier this year, it was hit by a breach that saw the theft of several gigabytes of sensitive data.

That particular incident exposed more than 700 proprietary documents, along with source code and employee and partner data.

"It raises the question of whether vulnerabilities from the prior attack still exist and were exploited to breach the company this time around," suggested Tausek.

Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.

MORE FROM ITPRO

TOPICS

Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.