JLR shuts IT systems, halts UK plant production after cyberattack

Jaguar Land Rover (JLR) reported a cyberattack that has "severely disrupted" key IT systems and forced the suspension of production at its UK assembly plants, with knock-on impacts to global operations, manufacturing engineering teams, and supply coordination.

The incident, which was confirmed by the British OEM on 2 September, has caused widespread disruption not only in assembly but also real-time coordination with suppliers and logistics, as JLR moved quickly to proactively disable core systems to contain the threat.

The company has not confirmed whether ransomware or other malicious code was involved, but it was reported that JLR’s internal security teams, along with external cyber specialists, are continuing investigations systems are being restored “in a controlled manner.”

JLR has stated that customer data does not appear to have been compromised.

The cyberattack came during the September launch of the UK’s ’75’ vehicle registration plates, which apply to all vehicles registered from September 2025. Dealer networks were forced to stall deliveries and hold off on processing new orders.

Among the most severely affected are JLR’s Solihull plant in the West Midlands and its Halewood site in Merseyside, where vehicle assembly has been suspended since the IT shutdown. Staff at these plants were advised not to report to work, while digital manufacturing systems remain offline.

The shutdown has also impacted operations at JLR’s EMC engine plant in Wolverhampton, as well as R&D and manufacturing engineering teams in Gaydon, many of whom have been unable to access key systems.

Strategic exposure in a connected production environment

The cyberattack also reinforces the operational risk of high integration across global production systems - where a single compromised point can cascade across multiple geographies and business units.

JLR’s global footprint, including operations in Slovakia, Brazil, China, and India, is tightly connected through shared planning systems and digital engineering platforms.

It remains unclear how far beyond the UK the disruption has extended, but the risk of supplier delays, production backlogs, and inventory misalignment could he high. Tier-1 and Tier-2 suppliers may also experience knock-on effects if systems for forecasting, ASN handling, or plant delivery schedules remain offline.

Cybersecurity now a critical axis of manufacturing resilience

JLR now joins a growing list of major OEMs experiencing disruptions from cyberattacks. In March 2025, the HELLCAT ransomware group allegedly claimed responsibility for leaking internal JLR documents and employee data. 

In 2023, a cyberattack on Yanfeng International Automotive Technology triggered supply chain issues that forced Stellantis to halt assembly at several North American plants

In 2022, Toyota was forced to shut down all 14 of its domestic factories in Japan for a full day due to a cyberattack on a key supplier, Kojima Industries. The attack temporarily disrupted Toyota’s kanban and just-in-time systems, suspending production of around 13,000 vehicles.

Volvo Cars confirmed it had suffered a data breach after a cyberattack targeted its R&D systems in 2023.

The incident reveals growing vulnerabilities in automotive OT (operational technology) environments, where once-isolated systems are now deeply integrated across supply, production, and engineering networks.

Nissan has implemented a supplier cybersecurity risk programme across its operations in the Americas, integrating supplier assessments, real-time monitoring tools, and coordinated response protocols. According to the company, the initiative has already helped mitigate potential disruptions and reflects broader industry efforts to harmonise supplier cybersecurity standards through the Auto-ISAC