Notorious hackers claim responsibility for cyber attack which has ground JLR to a halt

7:30 am, September 4, 2025

A group of hackers who previously targeted Marks and Spencer have claimed responsibility for the cyber attack which has ground JLR to a halt.

Car Dealer reported yesterday (Wed) that IT issues which prevented the British carmaker from registering cars on new plate day, had been caused by an attack on the firm’s global systems.

The incident brought retail and production facilities to a standstill and the forces behind it now appear to have come forward.

The BBC reports that three English language speaking hacking groups known as Scattered Spider, Lapsus$ and ShinyHunters, have claimed responsibility.

The broadcaster says that the gang bragged about the hack on instant messaging platform Telegram and shared screenshots purporting to be from the car manufacturer’s internal IT system.

The group is said to be trying to extort money from the car manufacturer but refused to confirm if they had managed to steal private data from JLR, in private messages with the BBC.

The hackers were also tight-lipped on whether they had been able to install malicious software on to the company’s network.

It comes after a spate of cyber attacks across the UK retail sector earlier this year, with M&S, the Co-op and Harrods among those worst affected.

Scattered Spider has been blamed for the attacks on British retailers earlier this year, after which M&S stopped online sales for around six weeks and warned that the incident could cost it around £300m.

Four young people were arrested for their suspected involvement in the April attacks and have been subsequently bailed.

A spokesperson for JLR said on Wednesday: ‘We are aware of the claims relating to the recent cyber incident and we are continuing to actively investigate.’

The Liverpool Echo reported that workers at JLR’s Halewood plant in Merseyside were told early on Monday morning not to come in to work due to the issue.

The car manufacturer said earlier in the week its production and sales were ‘severely disrupted’ following the cyber attack.

The National Crime Agency has been contacted for comment.

Notorious hackers claim responsibility for cyber attack which has ground JLR to a halt

Jack Williams

More stories...

Smart boss explains how brand is now 'benefiting heavily' from Mercedes and Geely joint venture

Used car dealer jailed for assisting road rage killer who attacked victim with wheel brace

FCA says motorists will bag £200m in compensation after insurers 'short change' customers

JLR extends production shutdown for another week as firm continues to fight cyberattack

Busting the biggest warranty myths: What car dealers need to know

Family-run T Wall Garages posts improved profits as dealer thrives in 'extremely challenging market'

Nissan's UK boss ‘very confident’ that Micra will help firm achieve ZEV Mandate targets

Car dealer Lookers returns to profit as year of job losses and cuts pays off for Canadian owners

Family-run SLM Group adds Alpine to Weybridge site as bosses hail 'exciting new chapter'

Car supermarket: Nissan teams up with Sainsbury's to showcase range of new EVs

Car Dealer Podcast Live 2025 is almost here – Here's everything you need to know

Last chance to get your hands on Car Dealer Podcast Live tickets with event just days away

What does 'disappointing' interest rates hold mean for the automotive industry?

Police make arrest after uncovering illegal chop shop selling stolen car parts

Family-run dealer group Listers saw £1.33bn turnover but pre-tax profits nosedived

Used Car Awards 2025 – time is running out to nominate yourself for industry's 'Oscars'