Updated: 10:08 EDT, 6 September 2025
27
View
comments
Jaguar Land Rover (JLR) has instructed factory workers to stay home until early next week as it continues to grapple with the ramifications of the cyber attack suffered this week.
The breach, which occurred on Sunday, forced the manufacturer to shut down its vital IT systems to protect itself from hackers behind what it dubbed a 'cyber incident'.
The impact, which is believed to be global, has dramatically affected UK production lines, with factory workers at its vehicle plants in Halewood, Merseyside, and Solihull in the West Midlands - as well as its engine factory in Wolverhampton - told not to come in until Tuesday at the very earliest, the BBC reports.
The situation is said to 'remain under review' with the company 'working at pace' to resolve the issue, though vehicle output could remain suspended well into next week.
JLR dealers have also been locked out of online systems. However, they have been able to register new models, though via a more arduous process.
It comes at a salient period of the calendar year, with the new '75' plate launched this month, which typically attracts more showroom visits and model sales than at any time of the year.
Thousands of existing owners are also believed to be affected, with garages unable to provide repairs as the IT shutdown has an impact on JLR's parts supply chain.
Jaguar Land Rover has instructed factory workers to stay home until early next week as it continues to grapple with the ramifications of the cyber attack suffered this week
A notice sent to Halewood workers on 4 September stated: 'Friday September 5 and Monday September 8: the leadership team has agreed that production associates will be stood down and will have hours banked in line with the corridor agreement.
'All colleagues are required to attend work as normal on Tuesday September 9 unless informed otherwise.'
On Wednesday, the hacker group also responsible for the highly damaging attack on Marks and Spencer earlier in the year, confirmed it was responsible for infiltrating JLR's systems.
The group of young English-speaking hackers – who are thought to be teens calling themselves 'Scattered Lapsus$ Hunters' – told the BBC how they allegedly accessed the car maker.
However, they are yet to confirm if they have successfully stolen private data from JLR or installed malicious software onto the company's network.
The car maker has said that, at this stage, there is 'no evidence any customer data has been stolen' but acknowledged that its 'retail and production activities have been severely disrupted' as a result.
Commenting on the cyber incident, Dray Agha, senior manager of security operations at security specialist Huntress, said: 'This incident highlights the critical vulnerability of modern manufacturing, where a single IT system attack can halt a multi-billion-pound physical production line, directly impacting sales, especially during a key period like a new registration month.
'Cybercriminals know this, and many leverage the stopped clock of business functions as the leverage they need to force capitulation of ransomware demands.'
Agha added: 'While the quick shutdown of systems was a textbook damage limitation tactic that likely prevented a data breach, it underscores the immense recovery challenge companies now face in safely rebooting complex, interconnected operations after an attack.
'Containment and recovery are crucial parts of responding to an incident, and many organisations still do not have the detection and response technologies to neutralise security intrusions.'
Jake Moore, global cybersecurity advisor at antivirus and internet security provider ESET, also commented: 'Striking at a time when more than usual customers are likely to see potential delays with their new vehicle registrations and/or deliveries will have been a tactful decision made by the attackers to deliver their message loudest.
'Even though there is no evidence to suggest customer data has been compromised so far, any cyberattack on a company of this size is a reminder to secure all accounts by enabling multi-factor authentication, using unique passwords and where possible, remain on guard for suspicious messages.'
Share what you think
The comments below have not been moderated.
The views expressed in the contents above are those of our users and do not necessarily reflect the views of MailOnline.
By posting your comment you agree to our house rules.
Do you want to automatically post your MailOnline comments to your Facebook Timeline?
Your comment will be posted to MailOnline as usual.
Do you want to automatically post your MailOnline comments to your Facebook Timeline?
Your comment will be posted to MailOnline as usual
We will automatically post your comment and a link to the news story to your Facebook timeline at the same time it is posted on MailOnline. To do this we will link your MailOnline account with your Facebook account. We’ll ask you to confirm this for your first post to Facebook.
You can choose on each post whether you would like it to be posted to Facebook. Your details from Facebook will be used to provide you with tailored content, marketing and ads in line with our Privacy Policy.
Published by Associated Newspapers Ltd