Notorious hackers claim responsibility for cyber attack which has ground JLR to a halt

7:30 am, September 4, 2025

A group of hackers who previously targeted Marks and Spencer have claimed responsibility for the cyber attack which has ground JLR to a halt.

Car Dealer reported yesterday (Wed) that IT issues which prevented the British carmaker from registering cars on new plate day, had been caused by an attack on the firm’s global systems.

The incident brought retail and production facilities to a standstill and the forces behind it now appear to have come forward.

The BBC reports that three English language speaking hacking groups known as Scattered Spider, Lapsus$ and ShinyHunters, have claimed responsibility.

The broadcaster says that the gang bragged about the hack on instant messaging platform Telegram and shared screenshots purporting to be from the car manufacturer’s internal IT system.

The group is said to be trying to extort money from the car manufacturer but refused to confirm if they had managed to steal private data from JLR, in private messages with the BBC.

The hackers were also tight-lipped on whether they had been able to install malicious software on to the company’s network.

It comes after a spate of cyber attacks across the UK retail sector earlier this year, with M&S, the Co-op and Harrods among those worst affected.

Scattered Spider has been blamed for the attacks on British retailers earlier this year, after which M&S stopped online sales for around six weeks and warned that the incident could cost it around £300m.

Four young people were arrested for their suspected involvement in the April attacks and have been subsequently bailed.

A spokesperson for JLR said on Wednesday: ‘We are aware of the claims relating to the recent cyber incident and we are continuing to actively investigate.’

The Liverpool Echo reported that workers at JLR’s Halewood plant in Merseyside were told early on Monday morning not to come in to work due to the issue.

The car manufacturer said earlier in the week its production and sales were ‘severely disrupted’ following the cyber attack.

The National Crime Agency has been contacted for comment.

Notorious hackers claim responsibility for cyber attack which has ground JLR to a halt

Jack Williams

More stories...

Scottish Government sets up new EV grant to support households without off-street parking

Family-run Holdcroft hails one of its 'best annual achievements' despite falling profits

Car dealer Big Motoring World has Trustpilot suspension lifted after alleged breach of guidelines

Auto Trader changing email lead notifications to ‘protect customer data’

Hendy Group continues reshuffle as CFO is terminated with firm set to post a loss in 2024

Mercedes specialist Sandown Motors becomes latest car dealer to report falling profits in 2024

New Smart #2 electric two-seater will take brand back to its quirky tiny-car roots

Family-owned Brindley Group agrees deal to add Genesis to Cannock Hyundai site

GVE London sales director speaks out amid dealer’s move towards administration

Weekly Briefing: Could Amazon be in prime position to dominate used car advertising?

EVs lose almost half their claimed range in extreme summer heat – What Car? study

Supercar dealer GVE London posts ‘Notice of Intention to Appoint Administrators’

Research reveals just SIX electric cars could qualify for the full £3,750 Electric Car Grant

Video: Dealers hold used car prices firm in August as values barely budge

Lotus set to slash UK workforce as sports car maker puts 550 jobs at risk

UK vehicle production declines by 10% in July despite improvement in car manufacturing