Jaguar Land Rover HQJaguar Land Rover HQ

News

Notorious hackers claim responsibility for cyber attack which has ground JLR to a halt

  • M&S hackers ‘claim to be behind Jaguar Land Rover cyber attack’
  • The car company said it is aware of the claims and is ‘actively investigating’
  • Gang is said to be trying to extort money from the British carmaker

Time 7:30 am, September 4, 2025

A group of hackers who previously targeted Marks and Spencer have claimed responsibility for the cyber attack which has ground JLR to a halt.

Car Dealer reported yesterday (Wed) that IT issues which prevented the British carmaker from registering cars on new plate day, had been caused by an attack on the firm’s global systems.

The incident brought retail and production facilities to a standstill and the forces behind it now appear to have come forward.

The BBC reports that three English language speaking hacking groups known as Scattered Spider, Lapsus$ and ShinyHunters, have claimed responsibility.

The broadcaster says that the gang bragged about the hack on instant messaging platform Telegram and shared screenshots purporting to be from the car manufacturer’s internal IT system.

The group is said to be trying to extort money from the car manufacturer but refused to confirm if they had managed to steal private data from JLR, in private messages with the BBC.

The hackers were also tight-lipped on whether they had been able to install malicious software on to the company’s network.

It comes after a spate of cyber attacks across the UK retail sector earlier this year, with M&S, the Co-op and Harrods among those worst affected.

Scattered Spider has been blamed for the attacks on British retailers earlier this year, after which M&S stopped online sales for around six weeks and warned that the incident could cost it around £300m.

Four young people were arrested for their suspected involvement in the April attacks and have been subsequently bailed.

A spokesperson for JLR said on Wednesday: ‘We are aware of the claims relating to the recent cyber incident and we are continuing to actively investigate.’

The Liverpool Echo reported that workers at JLR’s Halewood plant in Merseyside were told early on Monday morning not to come in to work due to the issue.

The car manufacturer said earlier in the week its production and sales were ‘severely disrupted’ following the cyber attack.

The National Crime Agency has been contacted for comment.

Jack Williams's avatar

Jack joined the Car Dealer team in 2021 as a staff writer. He previously worked as a national newspaper journalist for BNPS Press Agency. He has provided news and motoring stories for a number of national publications including The Sun, The Times and The Daily Mirror.



More stories...

Advert
Server V2