How Has JLR’s Supply Chain Been Affected by Cyber Attacks?
Jaguar Land Rover (JLR) is facing a cyberattack that has forced it to shut down global IT and production systems, disrupting supply chains during the new car registration season.
The attack affects both manufacturing plants and retail operations, leaving dealerships unable to register or deliver vehicles to customers.
The incident comes amid a wider pattern of cyberattacks on major brands such as M&S, Co-op and Harrods, raising industry-wide questions about supply chain resilience.
How the cyberattack disrupts JLR’s supply chain
JLR, which is owned by Tata Motors in India, confirms that its IT systems were hit in a cyber incident that halts production lines in Merseyside and Solihull in the UK and other global sites. Employees have been told to stay away from plants or leave in order to contain the disruption.
The impact goes beyond assembly lines as vehicle registration at dealerships is blocked, leaving cars undeliverable, coinciding with the rush of new number plates released on 1 September.
In a statement, JLR says: “We took immediate action to mitigate its impact by proactively shutting down our systems. We are now working at pace to restart our global applications in a controlled manner.
“At this stage there is no evidence any customer data has been stolen but our retail and production activities have been severely disrupted.”
The integration of IT with operational technology (OT) means that a single breach can freeze entire plants. Each hour of downtime represents lost output and sales across the chain, not just for JLR but for its suppliers and retail partners.
Dray Agha, Senior Manager of Security Operations at Huntress, explains: “This incident highlights the critical vulnerability of modern manufacturing, where a single IT system attack can halt a multi-billion-pound physical production line, directly impacting sales, especially during a key period like a new registration month.
“Cybercriminals know this and many leverage the stopped clock of business functions as the leverage they need to force capitulation of ransomware demands.
“It is not known if ransomware was involved in the Jaguar Land Rover attack, but ransomware actors target manufacturers for a reason.
“While the quick shutdown of systems was a textbook damage limitation tactic that likely prevented a data breach, it underscores the immense recovery challenge companies now face in safely rebooting complex, interconnected operations after an attack.
“In 2025, there are still companies that wait until a devastating cyberattack to invest in a robust security posture. Fortunately, Jaguar Land Rover appears to have had processes and procedures in place to ‘lessen the effect’ and return to business as usual.
“Containment and recovery are crucial parts of responding to an incident and many organisations still do not have the detection and response technologies to neutralise security intrusions.”
Cyber risks in automotive supply chains
Modern car production relies on tier-1 and tier-2 suppliers feeding into a digitised network. Any disruption to IT or logistics creates knock-on effects across the supply chain. Cybercriminals target this complexity, often seeking not data but direct operational paralysis.
Katie Barnett, Director of Cyber Security at Toro Solutions, says: “The recent JLR cyber incident underscores the critical importance of robust cyber security, especially when protecting the intricate supply chains that underpin modern manufacturing.
“Early detection of supply chain vulnerabilities is vital to minimising the impact of such breaches.
“These events are highly disruptive and stressful for everyone involved in restoring systems and resuming operations. They serve as a further reminder to reassess your IT resilience.
“While third-party vendors are essential to supply chain efficiency, it’s important to ask the following questions: Do they have the right security controls in place? Can you detect system infiltration early enough to contain the damage? Are your incident response plans ready to activate and restore business continuity at speed?
“With its complex global networks, the automotive industry remains a high-value target for cyberattacks. Continued investment in third-party risk and resilience audits, real-time monitoring and rapid response strategies is essential to contain threats and recover swiftly, ensuring operational integrity and customer trust.”
Industry-wide lessons from cyberattacks
The JLR breach is part of a wider surge in cyber incidents targeting household names. In 2025, M&S reported an estimated £300m (US$402m) hit from an attack that disrupted supply chains and emptied shelves. Co-op shuttered systems across 2,300 stores after a ransomware attempt, while Harrods restricted access as a precaution against a similar strike.
Shankar Haridas, Head of UKI at ManageEngine, says: “These back-to-back security incidents, especially on major global brands, is definitely a matter of concern.
“The impact that this has on UK businesses especially is profound and increasingly concerning. This brings to the forefront the relentless challenges organisations face in protecting their digital assets.
“While businesses continue to invest heavily in frontline defences, attackers are finding new ways in – exploiting weak links in digital supply chains or infiltrating through trusted vendors.
“With the rise of AI, the threat is reimagined like never before and driving an ever greater velocity of attacks.
“No organisation can close every gap. That is why security can no longer be seen as an insurance policy – it must be embedded as a core strategic priority and a fundamental part of every organisation’s toolkit.”
Nivedita Murthy, Senior Security Consultant at Black Duck, adds: “Jaguar did the right thing by shutting down its IT system before the attack spread further and caused damage.
“As part of the post-incident activity, they would be able to identify how the attackers were able to access the systems and take advantage of them.
“This incident is another reminder to retailers that emphasises the need to work on securing business operations as well as customer data to ensure smooth production and uncompromised trust in software, as attackers are increasingly targeting retail operators to access customer base information.
“People within an organisation tend to be the weakest links and any information gained on customers could be used for future phishing attacks or scams. The fraud industry is thriving and more and more people are falling victim due to the fact that a lot of information on customer activity is available online.”
