Jaguar Land Rover announced Tuesday that the company has been targeted by a cyberattack that has "severely disrupted" its production activities.
The British carmaker, which officially rebranded as JLR about two years ago, said it "took immediate action to mitigate its impact by proactively shutting down" its systems. The company says it is trying to restart its global applications in a "controlled manner."
JLR says it has no evidence that customer data has been compromised, but the incident also hit the company's retail business.
Most Read on IEN:
- Milwaukee Tool Employee Allegedly Shipped More Than $1 Million in Tools to Himself
- Over 600 Memphis FedEx Workers Laid Off as Cummins Moves Out of State
- GM's Futuristic Corvette Opens Like a Fighter Jet
- Podcast: Mine Swallowing Town; Colorado Dairy Tragedy; AirBorn Closes Plant
Nivedita Murthy, senior staff consultant at Black Duck, a Burlington, Massachusetts-based IT security provider, said containment is the appropriate first step after detecting a security incident. "Jaguar did the right thing by shutting down its IT system before the attack spread further and caused damage," she said. "As part of post-incident activity, they would be able to identify how the attackers were able to access the systems and take advantage of [them]."
Murthy added that the incident is a reminder for companies to secure business operations and customer data, because, for example, attackers are increasingly targeting retail operators to access customer information. People within an organization often tend to be the weakest links, and the customer information gleaned from a breach is frequently used in future phishing attacks and scams.
Agnidipta Sarkar, chief evangelist at cybersecurity firm ColorTokens, noted that this wasn't the first attack on JLR. Sarkar told Industrial Equipment News (IEN) that the Hellcat ransomware group targeted JLR in March 2025. The group compromised Atlassian Jira project management software to steal sensitive data. Sarkar said the latest attack is likely a ransomware attack or a significant system compromise.
JLR is a subsidiary of Tata Motors. The production halt is another blow to the firm, which recently revealed a stark 49% drop in quarterly profits due to U.S. tariffs and weakening sales. Last August, the company said that it was essentially taking a year off from selling cars as it transitioned from internal combustion engine cars to a complete line of EVs. The company also experienced a brand crisis in November 2024 when it ditched its brand's iconic "leaper" Jaguar.
Jeff Reinke, host of the Security Breach podcast, said attacks targeting supply chains are growing in popularity because the pressure to pay the ransom has intensified. "The attack not only impacts the victim, but their partners up and down the supply chain," he said. "Distributors, logistics, retailers and more lean on these companies to figure it out and get back to business as usual as quickly as possible."
Reinke says the manufacturing industry continues to be a primary target for these types of attacks because its supply chains, especially in the automotive sector, are very complex and involve numerous players of all sizes. He said, "Jaguar's ability to react quickly probably helped not only to minimize the impact on their operations, but those of their supply chain partners as well."
Click here to subscribe to our daily newsletter featuring breaking engineering industry news.
