“Factories stay closed after hackers cripple JLR systems, leaving staff and suppliers in limbo”
Jaguar Land Rover (JLR) has been forced to extend the shutdown of its UK factories after a cyber attack brought production to a standstill. Plants at Halewood and Solihull, along with the Wolverhampton engine facility, are now expected to remain closed until at least Wednesday.
The disruption has spread beyond Britain, halting operations at JLR’s sites in Slovakia, China and India. The attack, which struck on 31 August, prompted the carmaker to shut down its IT systems as a precautionary measure. While the move protected critical infrastructure, it has caused severe disruption across the business.
Thousands of production workers have been instructed to remain at home until further notice. Under normal conditions, JLR produces around 1,000 vehicles each day. The closure is already having a knock-on effect on suppliers, some of whom have reportedly told their own employees not to come into work while orders remain frozen.
Dealerships were also hit, initially unable to register new vehicles or order parts for customers. Garages responsible for maintaining JLR cars faced similar problems, although temporary workarounds have since been introduced. The timing could hardly be worse, as the attack coincided with the release of new registration plates on 1 September — a period when car sales typically surge as buyers seek the latest number plates for their vehicles.
The company, owned by India’s Tata Motors, insists it is working continuously with outside cyber security experts and law enforcement agencies to restore its networks. JLR said it is committed to restarting systems “in a controlled and safe manner”. Last Thursday, staff were told not to return before Tuesday. That guidance has now been extended, with insiders warning the disruption may continue for weeks, though JLR has not officially confirmed how long the shutdown will last.
For smaller businesses in the supply chain, the consequences could be serious. Shaun Adams, manager of car parts supplier Qualplast, told the BBC that a prolonged halt would be “concerning” for firms like his. “If this starts progressing over weeks, then we would have to seriously look at what we need to future-proof,” he said.
Within days of the incident, a group of young hackers, already linked to cyber attacks on UK companies including Marks & Spencer earlier this year, claimed responsibility. On the encrypted messaging platform Telegram, members of the group boasted about infiltrating JLR’s systems. Security experts who analysed screenshots shared online suggested the attackers had gained access to sensitive internal information. The group is believed to be attempting to extort money from the company. JLR has acknowledged the claims and confirmed it is investigating.
The attack highlights the vulnerability of large manufacturers to online crime. With IT systems increasingly central to global production networks, a single breach can bring complex supply chains to a grinding halt. For JLR, the crisis has stalled thousands of vehicles, delayed customer deliveries and created uncertainty for staff. For the wider automotive industry, it has underlined how dependent factories have become on secure, uninterrupted digital systems.
Whether the company can restore operations quickly or faces a longer shutdown will determine not only its immediate output but also confidence among suppliers, workers and customers. For now, the luxury carmaker is locked in a high-stakes race to get its systems back online before the damage deepens further