Jaguar Land Rover “did the right thing” shutting down systems to thwart cyber attack
The attack on Jaguar Land Rover highlights the growing attractiveness of the automotive sector
Jaguar Land Rover was forced to shut down production systems over the weekend after being hit with a cyber attack, the company has revealed.
The car manufacturer said it acted immediately to mitigate the attack by proactively shutting down systems in a move that thwarted attackers.
"We are now working at pace to restart our global applications in a controlled manner," JLR said in a statement. "At this stage there is no evidence any customer data has been stolen but our retail and production activities have been severely disrupted."
According to the BBC, the attack took place on Sunday, with employees at the company's plants in Halewood, Merseyside, and Solihull in the West Midlands sent home or told not to come into work the following day.
"JLR's decision to proactively shut down global manufacturing suggests this attack may have been targeting their operational systems, not just customer data," said Oakley Cox, director of operational technology of product at Darktrace.
"The speed of their response is telling - you don't typically halt production across multiple sites unless there's genuine concern about operational impact."
The attack appears to have been carefully timed, coming just as new registration plates are launched - the company's busiest time of year. Attacking over the weekend, meanwhile, meant that Jaguar Land Rover was less likely to able to respond and contain the threat.
No ransomware group has claimed responsibility. However, the automotive sector is becoming a highly attractive sector for hackers, thanks to increasing digitization and growing integration between IT and operational technology (OT).
According to Upstream Security’s 2025 Automotive & Smart Mobility Cybersecurity report, attacks against the automotive sector are on the rise - and getting bigger. The number of 'massive-scale' incidents, impacting millions of vehicles, more than tripled between 2021 and 2023, rising from 5% to 19%.
Jaguar Land Rover “did the right thing”
Nivedita Murthy, senior security consultant at Black Duck, said Jaguar Land Rover “did the right thing” by shutting down IT systems, which likely helped prevent the attack from spreading further and causing additional damage.
“As part of the post-incident activity, they would be able to identify how the attackers were able to access the systems and take advantage of them,” Murthy added.
Conversely, Nick Tausek, lead security automation architect at Swimlane, said the move raises serious questions about how organizations should react to security incidents.
"It is tentatively reassuring to see that, as of yet, no impact on customer data has been reported. However, entirely shutting down production and retail operations is not a sustainable countermeasure for cyber attacks," he said.
"JLR, as well as other automobile manufacturing organizations, should use this as a lesson in the importance of proactive cybersecurity."
This isn’t the first time the car manufacturer has fallen victim to a cyber attack. Earlier this year, it was hit by a breach that saw the theft of several gigabytes of sensitive data.
That particular incident exposed more than 700 proprietary documents, along with source code and employee and partner data.
"It raises the question of whether vulnerabilities from the prior attack still exist and were exploited to breach the company this time around," suggested Tausek.
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
- Ransomware attack on IT supplier disrupts hundreds of Swedish municipalities
- Google says 'claims of a major Gmail security warning are false' following recent media reports
- Warning issued to Salesforce customers after hackers stole Salesloft Drift data
-
Enterprise security in a world of AI deepfakes and uncertainty over identityAs AI-driven deepfakes grow more sophisticated, enterprises must move to layered defenses that protect trust without friction
-
‘Resilience debt’ is now one of the most pressing cyber challenges for enterprisesNews Research from Dell Technologies suggests the gap between cyber resilience and perception of readiness is getting bigger
-
NCSC names and shames pro-Russia hacktivist group amid escalating DDoS attacks on UK public servicesNews Russia-linked hacktivists are increasingly trying to cause chaos for UK organizations
-
An AWS CodeBuild vulnerability could’ve caused supply chain chaos – luckily a fix was applied before disaster struckNews A single misconfiguration could have allowed attackers to inject malicious code to launch a platform-wide compromise
-
Microsoft just took down notorious cyber crime marketplace RedVDS – and found hackers were using ChatGPT and its own Copilot tool to wage attacksNews Microsoft worked closely with law enforcement to take down the notorious RedVDS cyber crime service – and found tools like ChatGPT and its own Copilot were being used by hackers.
-
There’s a dangerous new ransomware variant on the block – and cyber experts warn it’s flying under the radarNews The new DeadLock ransomware family is taking off in the wild, researchers warn
-
Supply chain and AI security in the spotlight for cyber leaders in 2026News Organizations are sharpening their focus on supply chain security and shoring up AI systems
-
Veeam patches Backup & Replication vulnerabilities, urges users to updateNews The vulnerabilities affect Veeam Backup & Replication 13.0.1.180 and all earlier version 13 builds – but not previous versions.
-
Hacked London council warns 100,000 households at risk of follow-up scamsNews The council is warning residents they may be at increased risk of phishing scams in the wake of the cyber attack.
-
Hacker offering US engineering firm data online after alleged breachNews Data relating to Tampa Electric Company, Duke Energy Florida, and American Electric Power was allegedly stolen
