JLR cyberattack halts production and retail operations, raising supply chain concerns

JLR has been impacted by a cyber incident that forced the carmaker to shut down its global IT systems this week, disrupting vehicle production and retail operations at a critical point in its sales calendar.

The Tata Motors-owned manufacturer confirmed on 2 September that it had proactively taken global systems offline after detecting a cybersecurity threat. While the company said there was no evidence of customer data being compromised, operations have been affected, and systems are being restored “in a controlled manner.”

It’s reported that workers at JLR’s Halewood plant in Merseyside were told not to report to work following the shutdown, highlighting the scale of the disruption to manufacturing. Dealer networks have also been affected, with vehicle deliveries and order processing delayed during the rollout of the UK’s new ‘75’ registration plates, which apply to all vehicles registered from September 2025.

The incident puts JLR among a growing number of automotive organisations targeted by cyberattacks. In March 2025, the HELLCAT ransomware group allegedly claimed responsibility for leaking internal JLR documents and employee data. More widely, in 2023, a cyberattack on Yanfeng International Automotive Technology triggered supply chain issues that forced Stellantis to halt assembly at several North American plants. Similarly, in March 2022, Toyota suspended operations at 14 of its Japanese factories after a system failure at supplier Kojima Industries, later confirmed to be the result of a cyber incident.

The evolution of cyber threats has extended their impact beyond traditional IT domains. Within the automotive industry, where supply chains are highly integrated, such incidents now threaten systemic disruption across manufacturing, logistics and distribution networks.

Eric Elliot, senior manager for supplier cybersecurity at Nissan Group of the Americas, warned that ransomware incidents targeting manufacturing systems are “happening a lot more” and that supplier breaches are reported to his team almost weekly. Speaking at Automotive Logistics & Supply Chain Digital Strategies North America earlier this year, he stressed that resilience depends on viewing cybersecurity as a supply chain issue as much as an IT one: “You’re only as strong as your weakest link.”

Nissan has responded with a supplier cyber risk programme across the Americas, combining supplier assessments, real-time monitoring and coordinated response plans. The initiative has already helped the carmaker avoid costly disruptions, according to the company, and reflects wider efforts among OEMs to standardise supplier cyber assessments through the industry body Auto-ISAC.