Jaguar Land Rover was forced to shut down production systems over the weekend after being hit with a cyber attack, the company has revealed.
The car manufacturer said it acted immediately to mitigate the attack by proactively shutting down systems in a move that thwarted attackers.
"We are now working at pace to restart our global applications in a controlled manner," JLR said in a statement. "At this stage there is no evidence any customer data has been stolen but our retail and production activities have been severely disrupted."
According to the BBC, the attack took place on Sunday, with employees at the company's plants in Halewood, Merseyside, and Solihull in the West Midlands sent home or told not to come into work the following day.
"JLR's decision to proactively shut down global manufacturing suggests this attack may have been targeting their operational systems, not just customer data," said Oakley Cox, director of operational technology of product at Darktrace.
"The speed of their response is telling - you don't typically halt production across multiple sites unless there's genuine concern about operational impact."
The attack appears to have been carefully timed, coming just as new registration plates are launched - the company's busiest time of year. Attacking over the weekend, meanwhile, meant that Jaguar Land Rover was less likely to able to respond and contain the threat.
No ransomware group has claimed responsibility. However, the automotive sector is becoming a highly attractive sector for hackers, thanks to increasing digitization and growing integration between IT and operational technology (OT).
According to Upstream Security’s 2025 Automotive & Smart Mobility Cybersecurity report, attacks against the automotive sector are on the rise - and getting bigger. The number of 'massive-scale' incidents, impacting millions of vehicles, more than tripled between 2021 and 2023, rising from 5% to 19%.
Jaguar Land Rover “did the right thing”
Nivedita Murthy, senior security consultant at Black Duck, said Jaguar Land Rover “did the right thing” by shutting down IT systems, which likely helped prevent the attack from spreading further and causing additional damage.
“As part of the post-incident activity, they would be able to identify how the attackers were able to access the systems and take advantage of them,” Murthy added.
Conversely, Nick Tausek, lead security automation architect at Swimlane, said the move raises serious questions about how organizations should react to security incidents.
"It is tentatively reassuring to see that, as of yet, no impact on customer data has been reported. However, entirely shutting down production and retail operations is not a sustainable countermeasure for cyber attacks," he said.
"JLR, as well as other automobile manufacturing organizations, should use this as a lesson in the importance of proactive cybersecurity."
This isn’t the first time the car manufacturer has fallen victim to a cyber attack. Earlier this year, it was hit by a breach that saw the theft of several gigabytes of sensitive data.
That particular incident exposed more than 700 proprietary documents, along with source code and employee and partner data.
"It raises the question of whether vulnerabilities from the prior attack still exist and were exploited to breach the company this time around," suggested Tausek.
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
- Ransomware attack on IT supplier disrupts hundreds of Swedish municipalities
- Google says 'claims of a major Gmail security warning are false' following recent media reports
- Warning issued to Salesforce customers after hackers stole Salesloft Drift data
-
Hounslow Council partners with Amazon Web Services (AWS) to build resilience and transition away from legacy techSpomsored One of the most diverse and fastest-growing boroughs in London has completed a massive cloud migration project. Supported by AWS, it was able to work through any challenges
-
Salesforce targets better data, simpler licensing to spur Agentforce adoptionNews The combination of Agentforce 360, Data 360, and Informatica is more context for enterprise AI than ever before
-
15-year-old revealed as key player in Scattered LAPSUS$ HuntersNews 'Rey' says he's trying to leave Scattered LAPSUS$ Hunters and is prepared to cooperate with law enforcement
-
The Scattered Lapsus$ Hunters group is targeting Zendesk customers – here’s what you need to knowNews The group appears to be infecting support and help-desk personnel with remote access trojans and other forms of malware
-
Impact of Asahi cyber attack laid bare as company confirms 1.5 million customers exposedNews No ransom has been paid, said president and group CEO Atsushi Katsuki, and the company is restoring its systems
-
If you're not taking insider threats seriously, then the CrowdStrike incident should be a big wake up callNews CrowdStrike has admitted an insider took screenshots of systems and shared them with hackers, and experts say it should serve as a wake up call for enterprises globally.
-
Shai-Hulud malware is back with a vengeance and has hit more than 19,000 GitHub repositories so far — here's what developers need to knowNews The malware has compromised more than 700 widely-used npm packages, and is spreading fast
-
Security experts claim the CVE Program isn’t up to scratch anymore — inaccurate scores and lengthy delays mean the system needs updatedNews CVE data is vital in combating emerging threats, yet inaccurate ratings and lengthy wait times are placing enterprises at risk
-
The US, UK, and Australia just imposed sanctions on a Russian cyber crime group – 'we are exposing their dark networks and going after those responsible'News Media Land offers 'bulletproof' hosting services used for ransomware and DDoS attacks around the world
-
Thousands of ASUS routers are being hijacked in a state-sponsored cyber espionage campaignNews Researchers believe that Operation WrtHug is being carried out by Chinese state-sponsored hackers
