The IT issue which caused chaos at JLR dealerships on Monday’s new plate day has now been confirmed as a cyber attack.
Car Dealer reported yesterday (Tues) that the firm’s UK dealer network had been left unable to register new cars on Monday due to ‘global IT issues’.
The issues then continued throughout yesterday’s trading, with JLR later releasing a statement confirming it had fallen victim to a cyber attack.
The Gaydon-based carmaker says its production and sales have been ‘severely disrupted’ following the ‘major’ attack on its IT systems.
The car manufacturer, owned by India’s Tata Motors, was eventually forced to shut down systems after becoming aware of issues affecting its global operations.
A spokesman said last night that the firm was ‘working at pace’ to restart its operations across its retail and production sites.
They added that there is currently ‘no evidence’ that any customer data has been stolen as a result of the breach.
However, the Liverpool Echo reports that workers at JLR’s Halewood plant were told early on Monday morning not to come into work due to the issue.
A spokesman for the car manufacturer said: ‘JLR has been impacted by a cyber incident.
‘We took immediate action to mitigate its impact by proactively shutting down our systems.
‘We are now working at pace to restart our global applications in a controlled manner.
‘At this stage there is no evidence any customer data has been stolen but our retail and production activities have been severely disrupted.’
JLR’s IT services have been provided through Tata Consultancy Services Ltd – a subsidiary of Tata Motors – since 2023.
In response to the news of the attack, experts said the incident showed the importance of using ‘more than just traditional defences’.
Kev Eley, vice president UKI at cyber security firm Exabeam, said: ‘The recent cyberattack on JLR, one of the UK’s most iconic and respected brands, highlights the rising and critical threat facing the country’s automotive and manufacturing sector.
‘What was once considered a risk for IT teams alone is now a direct threat to business continuity, operational resilience, and national supply chains.
‘This incident reveals a wider trend in attacker behaviour. Threat actors are no longer just seeking out financial gain, they’re increasingly exploiting operational dependencies and taking advantage of expansive attack surfaces.
‘Despite this, there is no current evidence any customer data has been stolen from the attack.
‘What’s clear is that swift incident response remains a critical factor in containing threats and protecting core operations.
‘Staying ahead of attackers requires more than just traditional defences. AI-powered detection, behavioural analytics, and automated response systems help organisations reduce downtime, protect data, and gain the edge over modern threats.’