Jaguar Land Rover, the British multinational automotive manufacturer, has confirmed that a cyberattack severely disrupted its production processes, forcing the company to take critical systems offline.
In a public statement, the automaker described the event as a “cyber incident” and noted that immediate measures were taken to limit the impact.
“We are now working at pace to restart our global applications in a controlled manner. At this stage, there is no evidence that any customer data has been stolen, but our retail and production activities have been severely disrupted,” Jaguar Land Rover said.
The company has not revealed whether ransomware was involved, who might be behind the intrusion, or if attackers issued any demands.
Factory Operations Halted Following Cyberattack
The attack began on Sunday, according to reporting from the BBC. Employees at Jaguar Land Rover’s Halewood plant in Merseyside received an email advising them not to report to work on Monday.
Workers who had already arrived at the factory were sent home as systems went offline, highlighting the severity of the operational disruption.
A spokesperson for Jaguar Land Rover Netherlands also acknowledged the incident but declined to provide further details.
“We are investigating, that’s all I can say about it,” the spokesperson told Dutch media outlets.
Systems for Vehicle Registration Impacted
The fallout extended beyond factory operations. According to Autocar magazine, Jaguar’s system for registering new cars with the government was also taken offline as part of the shutdown.
The disruption could delay new vehicle registrations and potentially affect the automaker’s dealer network, though the company has not yet clarified the full scope.
Broader Pattern of Attacks on UK Companies
Jaguar Land Rover is not the only high-profile British firm facing cyberattacks in recent months. Earlier this year, Marks & Spencer, the Co-op Group, and Harrods also experienced cyber incidents that disrupted their operations.
These repeated attacks underscore how UK enterprises remain frequent targets for cybercriminals, particularly those operating in sectors with complex global supply chains.
Previous Breach Involving Stolen Internal Documents
This latest disruption follows another cyber incident earlier in 2025. In March, a threat actor known as “fedboy” claimed to have stolen 700 internal company documents from Jaguar Land Rover.
The leaked files reportedly contained employee usernames, email addresses, display names, and operational time zones, raising concerns about insider exposure and workforce targeting.
While Jaguar Land Rover never confirmed the full extent of that breach, the fresh incident indicates that the company continues to grapple with persistent cybersecurity threats.
Outlook for Recovery Efforts
At present, Jaguar Land Rover is working to restart its global IT applications in phases. The automaker has emphasized that customer data does not appear to have been compromised, but retail and production activities remain severely affected.
Given the scale of the disruption, industry observers note that full recovery may take time, and the incident is likely to draw further scrutiny to automotive cybersecurity resilience.
