Jaguar Land Rover has confirmed that a cyber attack has severely disrupted its global production and retail systems, forcing plant shutdowns and causing delays during a key sales period.
The incident was first detected on Sunday 31 August, prompting an immediate IT shutdown to contain the threat. Staff at factories in Merseyside, the West Midlands and Wolverhampton were told to stay home, with parts of the dealer network also affected.
A hacker group known as Scattered Lapsus$ Hunters has claimed responsibility. Internal system screenshots posted online suggest they had access to sensitive tools, although there is no current evidence of customer data theft.
Suppliers have described the situation as “extremely serious”, with some moving into recovery mode due to the knock-on effect on production and parts supply.
Cyber experts say attackers increasingly target the link between IT and operational technology, knowing it can bring manufacturing to a halt and increase pressure on victims to pay.
To protect against these types of attacks, businesses should prioritise multi-factor authentication, restrict access across systems, and regularly test their detection, containment, and recovery capabilities.
