Jaguar Land Rover has been dealing with the fallout of a significant cyberattack that disrupted its production and business operations beginning in late August, with the company still working to restore full functionality weeks into the incident.
The attack targeted the automaker’s internal systems and caused enough operational damage to halt manufacturing at its UK facilities. While the company initially disclosed the breach, subsequent public updates have been sparse, leaving suppliers, dealers, and employees with limited visibility into the timeline for full recovery.
Cyberattacks on automotive manufacturers have become an increasingly serious concern across the industry. Modern vehicle production relies on deeply interconnected digital infrastructure spanning engineering, procurement, logistics, and manufacturing control systems. A successful intrusion into any of these layers can cascade across the entire operation.
JLR employs tens of thousands of workers across its Solihull, Castle Bromwich, and Halewood plants. Extended downtime has economic implications not only for those workers but for the dense network of suppliers and logistics providers that depend on the company’s production schedule.
The automaker has not confirmed whether a ransom demand was made or whether any customer or employee data was compromised in the breach. Cybersecurity firms tracking the incident have noted that manufacturing sector attacks frequently involve data exfiltration alongside operational disruption.
JLR is in the middle of a major brand transformation that includes repositioning Jaguar as an ultra-luxury electric brand and investing heavily in new Land Rover and Range Rover platforms. The timing of the cyberattack is particularly damaging given the critical development and production work underway.
The company said it is working with cybersecurity specialists and relevant authorities to investigate the breach and restore systems. A specific return-to-normal timeline has not been confirmed.