Cyber Attack Disrupts Jaguar Land Rover EV Operations

Share this article
Share this article
Prioritise Us on Google
Inside JLR's Solihull factory
Jaguar Land Rover’s production and retail have been hit hard as a cyberattack forced shutdowns of global IT and manufacturing systems during peak season

Jaguar Land Rover (JLR), a prominent player in the EV industry, encountered a severe cyberattack that disrupted its global production and retail operations, highlighting the susceptibility of EV manufacturers to cyber threats.

The attack led to a shutdown of IT systems, halting manufacturing at key global plants and impacting the luxury carmaker's ability to produce and register new vehicles.

Details of the JLR breach

JLR, owned by India's Tata Motors, confirmed its computer systems were compromised, leading to production haltages at facilities in the UK and beyond. Employees were instructed to avoid work sites, emphasising the scale of the breach.

Youtube Placeholder

The halted operations included crucial EV manufacturing and retail processes, impeding dealerships' capabilities to register new electric models. This situation unfolded amidst the release of new registration plates, a critical sales period in the automotive calendar.

In a statement, JLR says: “We took immediate action to mitigate its impact by proactively shutting down our systems. We are now working at pace to restart our global applications in a controlled manner.

“At this stage there is no evidence any customer data has been stolen but our retail and production activities have been severely disrupted.”

Operational and financial impact on EV manufacturing

In the tightly-knit EV production and supply chains, cyber incidents can escalate disruptions significantly. The integration of IT systems with operational technology that control EV manufacturing means companies may have to suspend production to prevent further breaches.

For JLR, each hour of idle production translates into substantial financial losses and an inability to deliver new EVs to customers. The attack thus not only affects production but also results in direct revenue losses from delayed or suspended vehicle deliveries.

Youtube Placeholder

Dray Agha, Senior Manager of Security Operations at Huntress, says: “This incident highlights the critical vulnerability of modern manufacturing, where a single IT system attack can halt a multi-billion-pound physical production line, directly impacting sales, especially during a key period like a new registration month. 

“Cybercriminals know this and many leverage the stopped clock of business functions as the leverage they need to force capitulation of ransomware demands.

“It is not known if ransomware was involved in the Jaguar Land Rover attack, but ransomware actors target manufacturers for a reason.

“While the quick shutdown of systems was a textbook damage limitation tactic that likely prevented a data breach, it underscores the immense recovery challenge companies now face in safely rebooting complex, interconnected operations after an attack. 

“In 2025, there are still companies that wait until a devastating cyberattack to invest in a robust security posture. 

“Fortunately, Jaguar Land Rover appears to have had processes and procedures in place to ‘lessen the effect’ and return to business as usual. 

“Containment and recovery are crucial parts of responding to an incident and many organisations still do not have the detection and response technologies to neutralise security intrusions.”

Dray Agha, Senior Manager of Security Operations at Huntress

The automotive sector's cybersecurity concerns

The breach experienced by JLR shines a light on the increasing exposure of EV manufacturers to sophisticated cyber threats. Automotive production, a highly digitised ecosystem with complex supplier networks, presents a valuable target for cybercriminals.

Experts caution that threat actors are focusing efforts on operational disruption through ransomware and similar attacks, exploiting the digital dependencies inherent in manufacturing and retail networks.

Katie Barnett, Director of Cyber Security at Toro Solutions, says: “The recent JLR cyber incident underscores the critical importance of robust cyber security, especially when protecting the intricate supply chains that underpin modern manufacturing. 

Katie Barnett, Director of Cyber Security at Toro Solutions

“Early detection of supply chain vulnerabilities is vital to minimising the impact of such breaches.

“These events are highly disruptive and stressful for everyone involved in restoring systems and resuming operations. They serve as a further reminder to reassess your IT resilience.

“While third-party vendors are essential to supply chain efficiency, it’s important to ask the following questions: Do they have the right security controls in place? Can you detect system infiltration early enough to contain the damage? Are your incident response plans ready to activate and restore business continuity at speed?

“With its complex global networks, the automotive industry remains a high-value target for cyberattacks. 

“Continued investment in third-party risk and resilience audits, real-time monitoring and rapid response strategies is essential to contain threats and recover swiftly, ensuring operational integrity and customer trust.”

Increasing cyber threats to established brands

The escalation in cyberattacks on renowned brands in 2025 underscores the fragility of even the most resourceful organizations. Retail giants such as M&S, Co-op, and Harrods have all faced significant cyber incidents, highlighting vulnerabilities within well-established business frameworks.

In particular, M&S's breach resulted in a £300m (US$402m) hit due to disrupted sales, supply chain issues, and operational costs, not to mention the erosion of customer trust and data theft.

The Co-op's attempted ransomware attack caused shutdowns across 2,300 stores, disrupting supply chains and exposing sensitive member data, while Harrods instituted internet access restrictions, preserving operations amidst threats.

These incidents highlight the need for comprehensive cybersecurity strategies, emphasising the importance of vigilance, risk management, and incident response to maintain continuity and safeguard consumer data.

Shankar Haridas, Head of UKI at ManageEngine, says: “These back-to-back security incidents, especially on major global brands, is definitely a matter of concern. 

Shankar Haridas, Head of UKI at ManageEngine

“The impact that this has on UK businesses especially is profound and increasingly concerning. This brings to the forefront the relentless challenges organisations face in protecting their digital assets.

"While businesses continue to invest heavily in frontline defences, attackers are finding new ways in – exploiting weak links in digital supply chains or infiltrating through trusted vendors.

“With the rise of AI, the threat is reimagined like never before and driving an ever greater velocity of attacks.

"No organisation can close every gap. That is why security can no longer be seen as an insurance policy – it must be embedded as a core strategic priority and a fundamental part of every organisation’s toolkit.”

Nivedita Murthy, Senior Security Consultant at Black Duck, adds: “The first step after detecting a security incident is containment. 

Nivedita Murthy, Senior Security Consultant at Black Duck

“Jaguar did the right thing by shutting down its IT system before the attack spread further and caused damage. 

“As part of the post-incident activity, they would be able to identify how the attackers were able to access the systems and take advantage of them. 

“This incident is another reminder to retailers that emphasises the need to work on securing business operations as well as customer data to ensure smooth production and uncompromised trust in software, as attackers are increasingly targeting retail operators to access customer base information.

“People within an organisation tend to be the weakest links and any information gained on customers could be used for future phishing attacks or scams. 

“The fraud industry is thriving and more and more people are falling victim due to the fact that a lot of information on customer activity is available online.”