Jaguar Land Rover (JLR) has been severely hit by a cyber incident.
The BBC reported that the attack began on Sunday, while the latest batch of new car number plates became available on Monday 1st September.
In a statement released on Monday, the company said it had immediately taken steps to mitigate the impact, proactively shutting down its systems as soon as it became aware of the incident. It added it is currently working to restore its operations.
The company, owned by Tata Motors, added that there was currently no evidence that customer data had been stolen, but that retail and manufacturing operations had been severely disrupted.
“We took immediate action to mitigate its impact by proactively shutting down our systems. We are now working at pace to restart our global applications in a controlled manner,” it said.
The Liverpool Echo reported that early on Monday morning, workers at the company’s plant in Halewood, Merseyside, were informed by email not to come to work, while others were sent home.
The BBC added that the attack also affected JLR’s other main production facility in the UK, in Solihull, where staff were also sent home.
JLR’s statement makes no mention of a cyberattack. However, according to the BBC, a separate document filed by parent company Tata Motors with the Bombay Stock Exchange refers to an “IT security incident” that caused “global” issues.
The National Crime Agency said in a statement: “We are aware of an incident impacting Jaguar Land Rover and are working with partners to better understand its impact.”
In 2023, Jaguar Land Rover (JLR) entered a £800 million strategic partnership with Tata Consultancy Services (TCS) over five years to transform and modernise its digital infrastructure, deepening a decade-long relationship between JLR and TCS.
The deal included building a future-ready technology architecture, including services like cloud migration, cybersecurity, data services and application development.
This is the latest company to be hit by a cyber-attack after major British retailers, including Marks & Spencer and Co-op.
In April 2025, both UK retailers were affected by a ransomware incident that resulted in disruption to critical business functions and customer data exfiltration.
The Cyber Monitoring Centre (CMC) has classified the cyber attacks on the Co-op and Marks and Spencer as a Category 2 systemic event in its first live public assessment of the financial impact on the UK of a cyber incident.
Given that one threat actor claimed responsibility for both M&S and Co-op, the close timing, and similar tactics, techniques, and procedures, the CMC has assessed the incidents as a single combined cyber event.
The CMC – a non-profit organisation which aims to assess the severity of cyber incidents – estimates the total financial impact across affected parties at £270 million to £440 million, based on a matrix it used to classify events according to the financial impact and number of parties involved.
