Jaguar Land Rover has confirmed that a suspected cyber attack has ‘severely disrupted’ vehicle production, halting operations at its two main UK factories.
The automotive giant, owned by India’s Tata Motors, said it moved quickly to limit the impact of the incident and is working to restart systems.
Tata Motors has not seen its share price majorly affected by the incident.
Retail operations have also been badly affected during a peak sales period, although the company has said there is no evidence customer data has been compromised.
The disruption began on Sunday, just as the latest batch of new registration plates became available on 1st September.
The BBC reported the attack was identified while in progress, prompting JLR to shut down its IT systems to minimise the damage.
Staff at the Halewood plant in Merseyside were told not to come in via email on Monday morning, with some later sent home, according to the Liverpool Echo.
The Solihull plant has also been hit, with workers there similarly affected.
In a statement, JLR said: “We took immediate action to mitigate its impact by proactively shutting down our systems. We are now working at pace to restart our global applications in a controlled manner.”
It added: “At this stage there is no evidence any customer data has been stolen but our retail and production activities have been severely disrupted.”
It follows attacks on other major UK retailers including Marks & Spencer and the Co-op, both of which involved extortion attempts.
The National Crime Agency said: “We are aware of an incident impacting Jaguar Land Rover and are working with partners to better understand its impact.”
Cybersecurity experts say the incident highlights the growing threat facing large organisations.
Richard Ford, CTO at Integrity360, commented: “Cyber attacks are no longer just about stealing data. Increasingly, this is a two-pronged approach and utilising ransomware to disrupt business operations, as we have seen in the recent attack on Jaguar Land Rover.
“Criminals are targeting production environments and retail systems to cause maximum disruption and financial pressure.
“Responding to an incident is as much about crisis management and leadership as it is cyber security, and the two need to go hand-in-hand to limit impact on the organisation, their customers and their brand.
“Based on the information provided so far by JLR, like with the Co-op group, this is what they have done well and will potentially be a lesson for others to learn from.
“They have taken the proactive and immediate step to take themselves offline once the attack was detected to lessen the impact. This is where leadership is so important.”
“Ultimately, the goal is resilience. Organisations that prepare for disruption, not just data loss, will be best placed to protect their operations and reputation when it matters most.”
Dai Vaughan, CTO at Public Digital, added: “Disruption from cyber-attacks is no longer a question of if, but when. Organisations need to move beyond a purely defensive mindset focused on prevention, towards a cyber approach that embraces preparedness and resilience as an ongoing commitment.
“A quick recovery is critical: getting services back online quickly and safely after an attack can be the difference between a short-lived outage and months of disruption costing organisations tens of millions – like the recent Transport for London cyber-attack which took four months to resolve and cost an estimated £30m.”
“Ultimately, resilience isn’t about eliminating risk entirely, but about understanding it, planning for it, and cultivating a culture that can absorb shocks and recover quickly.”
AI firm Nscale launches London base, to hire 100 specialists