Jaguar Land Rover (JLR) has been severely affected by a cyber incident that began on Sunday, coinciding with the release of new car number plates on 1 September.

According to the BBC, JLR immediately took action, proactively shutting down its systems to mitigate the impact and is now working to restore operations.

The company, owned by Tata Motors, stated there is currently no evidence that customer data has been compromised, but confirmed that retail and manufacturing operations have faced significant disruption. In its statement, JLR said: “We took immediate action to mitigate its impact by proactively shutting down our systems. We are now working at pace to restart our global applications in a controlled manner.”

The Liverpool Echo reported that, early on Monday morning, workers at the Halewood plant in Merseyside were informed by email not to come to work, while others were sent home. The incident also affected JLR’s main UK production facility in Solihull, with similar measures taken for staff.

While JLR’s statement does not explicitly mention a cyberattack, the BBC notes that a separate document filed by Tata Motors with the Bombay Stock Exchange refers to an “IT security incident” that caused global issues. The National Crime Agency commented: “We are aware of an incident impacting Jaguar Land Rover and are working with partners to better understand its impact.”

In 2023, JLR entered into an £800 million strategic partnership with Tata Consultancy Services (TCS) over five years to modernise its digital infrastructure, including cloud migration, cybersecurity, data services, and application development. This deepened a decade-long relationship between the two companies.

JLR is the latest major firm to be hit by a cyber-attack, following similar incidents at Marks & Spencer and Co-op. In April 2025, both retailers suffered a ransomware attack that disrupted business functions and led to customer data exfiltration. The Cyber Monitoring Centre (CMC) classified the Co-op and Marks & Spencer attacks as a Category 2 systemic event in its first public assessment of the financial impact of cyber incidents in the UK. The CMC estimates the total financial impact at £270 million to £440 million, considering the close timing and similar tactics used, and has assessed the incidents as a single combined cyber event.

---