Jaguar Land Rover halts global production and sales after a massive cyberattack

Jaguar Land Rover (JLR), one of the world's largest luxury car manufacturers, has had its global production and sales severely disrupted after suffering a high-impact cyberattack. The company, owned by Tata Motors, made the decision to shut down and isolate its computer systems internationally to minimize damage, thus adding to the wave of cyberattacks that is hitting the British automotive industry and retail sector hard in 2025.

‍

What has happened and how has JLR responded?

• The incident was detected late on Tuesday and triggered security alerts that led to the preventive shutdown of critical systems, impacting factories in the United Kingdom, China, Brazil, Slovakia and the global network of dealers and online sales.
• Workers at plants such as Solihull (where Range Rover and Range Rover Sport are produced) were sent home and there have been significant delays in assembly, deliveries and customer service.
• JLR has reported that, so far, there is no evidence of theft of customer or employee data.
• The company collaborates with forensic experts, expects a progressive recovery and an exhaustive verification before returning to operations - without yet daring to give a date for full recovery.

‍

Ransomware? Potential managers and context

• Although JLR has not publicly confirmed the type of attack, experts and international media point to possible ransomware, following the modus operandi of gangs that have recently attacked retailers and luxury brands in the United Kingdom such as Marks & Spencer and Harrods.
• The alleged perpetrators include gangs such as Scattered Spider or HELLCAT, known for their techniques of double extortion, phishing infiltration and compromise of unpatched vulnerabilities.

‍

Sectorial impact and lessons for industrial cybersecurity

• The attack comes at a particularly delicate time for JLR: the company was already facing delays in electric launches and difficulties due to international tariffs.
• Supply and delivery chains have experienced critical interruptions; each shutdown hour in the automotive industry can result in millions in losses.
• The incident highlights the growing trend of attacks on high-profile manufacturers and retailers: the sophistication and number of ransomware-as-a-service attacks is increasing, and no sector, however solid, is completely safe.

‍

Prevention keys and recommendations

• Segmentation of industrial and IT networks with strict protocols, offline backup and well-trained incident response.
• Continuous monitoring and simulations in the face of ransomware, phishing and data loss scenarios.
• Active collaboration with specialized suppliers, customers and CERTs for rapid response and recovery.

‍

🛡️ Consult Apolo Cybersecurity experts and protect your industrial and digital value chain

‍

The Jaguar Land Rover crisis is a new warning for the global industrial sector: digitalization and cybersecurity must go hand in hand. Only proactive, well-formed companies with constant investments in critical technology will be able to minimize damage and maintain the trust of customers and partners in the midst of the digital era.

Do you want to anticipate the next major cyber risks?

‍