Jaguar Land Rover (JLR) has suffered a cyberattack that has “severely disrupted” production, forcing the carmaker to halt operations.
The Tata Motors–owned manufacturer said it had taken “immediate action” by proactively shutting down its systems to contain the incident.
According to the Liverpool Echo, workers at JLR’s Halewood plant in Merseyside were told by email on Monday morning not to come in, while others already on site were sent home.
“We are now working at pace to restart our global application in a controlled manner,” JLR said in a statement, adding that there was no evidence customer data had been compromised. Nonetheless, the car maker confirmed that both “retail and production activities have been severely disrupted.”
Cybersecurity experts warn that the automotive industry is increasingly vulnerable to such attacks as operations become more digitised.
“The attack has hit Jaguar Land Rover during one of their busiest times of the year – when new registration plates are launched,” said James Neilson, SVP International at OPSWAT. “This type of situation gives attackers substantial leverage over their victims.”
Mark Tibbs, partner in the cyber risk and complex investigations practice at Mishcon, suggested the breach may have reached operational technology (OT) – the systems that directly control manufacturing.
“When faced with cyberattacks, companies may be forced to switch off OT systems as a precaution, to prevent the attack from spreading or causing physical damage,” he explained.
“Alternatively, disruption could stem from IT systems being so tightly integrated with production that any shutdown has an immediate knock-on effect on manufacturing.”
Katie Barnett, director of cybersecurity at Toro Solutions, said these incidents place immense pressure on companies trying to restore systems quickly. She also highlighted the importance of supply chain security:
“While third-party vendors are essential to efficiency, businesses must ask themselves: Do partners have the right controls in place? Can infiltration be detected early enough to contain the damage? Are incident response plans ready to activate and restore continuity at speed?”
