Jaguar Land Rover’s manufacturing and retailing activities have been “severely disrupted” by a cyber incident, forcing it to shut down its systems.
Britain’s largest carmaker said there was no evidence that any customer data had been stolen.
“We are now working at pace to restart our global applications in a controlled manner,” JLR said in a brief statement. “At this stage there is no evidence any customer data has been stolen but our retail and production activities have been severely disrupted.”
JLR said it had “proactively” shut down its systems and taken “immediate action to mitigate [the incident’s] impact”.
Shares in its Indian owner, Tata Motors, fell by 0.9% in Mumbai after it informed investors of a cyber incident on Monday. JLR told its parent company that it was “working at pace to resolve global IT issues impacting our business”.
The disruption comes as the luxury carmaker faces falling profits amid the impact of US tariffs and declining sales.
The business reported that underlying pre-tax profits fell by 49% to £351m in the three months to June, which included a period when the company temporarily paused exports to the US.
A subsequent trade deal between the UK and the US cut car export tariffs from 27.5% to 10%. However, the pause contributed to a near £700m drop in revenue, down 9.2% year on year to £6.6bn.
JLR did not give more details about who was behind the cyber incident, when it was discovered or how long it would take to recover from it.
In April, Marks & Spencer revealed it had been the victim of a devastating cyber-attack which resulted in the closure of its online store for almost seven weeks and cost it hundreds of millions of pounds. The Co-op was attacked in the same month and forced to shut down parts of its IT system.
In May, the luxury retailer Harrods said that it had been targeted, and restricted internet access across its websites after attempts to gain unauthorised access to its system. This was followed by Louis Vuitton, part of the French luxury group LVMH, in July, which said the data of some of its UK customers had been stolen.
The incident comes during one of the busiest weeks for car retailers, with UK dealerships selling their first 75 plate vehicles. Autocar reported that JLR dealers have been unable to register cars with the new plate.
after newsletter promotion
Reports also said staff at its factory in Halewood, Merseyside, were told not to come to work.
JLR also said in July that it had to delay the planned launches of its new electric Range Rover and electric Jaguar models until 2026, after initially aiming for late 2025. The company told staff over the summer that it would axe up to 500 management jobs in the UK as part of a voluntary redundancy round.
JLR, which is headquartered in Coventry, employs 32,800 people in the UK across 17 different sites. Last month it announced PB Balaji would become its new chief executive and would take the reins in November.
Balaji, who is the group finance chief of Tata Motors, will become the British carmaker’s first Indian chief executive. He will replace Adrian Mardell, who is retiring after three years in the top job and 35 years working for the company.
More than one in four UK businesses had been the victim of a cyber-attack in the past year and many more risked “sleepwalking” into such disruption unless they took urgent action, according to a survey of facilities managers, service providers and consultancies undertaken by the Royal Institution of Chartered Surveyors (Rics).
