Jaguar Land Rover (JLR) is grappling with a severe cyberattack that has crippled its IT systems and brought global production to a standstill. The company is “working around the clock” with third-party cybersecurity specialists and law enforcement to restore operations, which are expected to take “a matter of weeks rather than days,” with a “long tail of work” extending even further. The attack has halted production at JLR’s main assembly plants in Solihull, Halewood, and its engine manufacturing centre in Wolverhampton in the UK, as well as at its Nitra plant in Slovakia, and operations in Brazil and India.

The extensive disruption means JLR's computer systems have been rendered useless, impacting critical functions such as performing diagnostic tests for car servicing, accessing online catalogues for spare parts, and registering new vehicle sales. Dealerships were particularly affected during the launch of new '75' registration plates, a typically busy period, as they were unable to register newly purchased cars. While JLR's public-facing website and car configurator remain functional, internal systems are severely impacted. Factory staff across its global sites have been temporarily put on leave, with thousands of workers in the UK, Slovakia, Brazil, and India kept on pause, possibly until October.

The cyberattack's impact extends far beyond JLR's direct workforce, causing a significant knock-on effect on the West Midlands automotive sector and its numerous suppliers. Companies like Evtec, WHS Plastics, SurTec, and OPmobility, which collectively employ over 6,000 UK workers, have been forced to temporarily lay off their workforces due to the disruption. Raj Kandola, chief executive of the Birmingham Chambers of Commerce, highlighted JLR's role as an “anchor institution,” emphasizing the crucial importance of its supply chains. Professor David Bailey of Birmingham University estimates the hit to profits to be around £5 million per day, with the prolonged disruption increasing the likelihood of customers seeking alternatives. There is some hope that the government might offer financial support to cushion the impact on JLR's suppliers, echoing past interventions during industry crises.

A group named the “Scattered Lapsus$ Hunters,” reportedly affiliated with “The Com” and “Scattered Spider,” has claimed responsibility for the cyberattack. JLR has stated there is no evidence of customer data theft and has apologized for the significant disruption caused to its customers, partners, suppliers, and colleagues. Despite the challenges, independent suppliers of Jaguar and Land Rover surplus stock are finding a silver lining, as customers unable to purchase from main dealers are turning to them.

This cyber incident adds to a series of recent challenges for JLR. The company faced a global backlash last year over the relaunch of the Jaguar brand, which saw the iconic wild cat logo dropped and a new marketing approach aiming for younger, richer, and more urban customers. This move, which involved positioning new cars to directly compete with luxury brands like Bentley and Porsche, drew criticism, including from former US President Donald Trump. Operationally, the rebrand also led to up to 500 job cuts and a significant decline in European sales, attributed to a pause in production ahead of a new electric vehicle lineup. Adrian Mardell, JLR's current CEO, is set to step down in December, with PB Balaji taking over as his replacement.

Furthermore, JLR previously grappled with the threat of Trump imposing 25 percent import taxes on cars and car parts, a significant concern given the US is its largest single market. This led to JLR pausing shipments to America, although a subsequent trade deal offered a 10 percent tariff, albeit higher than the pre-2025 rate. Despite revealing its best financial return in a decade with a £2.5 billion pre-tax profit due to strong Land Rover Defender sales, JLR later saw quarterly profits drop by 49 percent in the wake of protectionist strategies, underscoring the company's tumultuous period leading up to the current cyber crisis.