Jaguar Land Rover staff to remain home in cyber attack fallout

Jaguar Land Rover (JLR) has instructed factory staff to stay at home until at least Tuesday as the company continues to grapple with the fallout from a cyber attack.

The attack at the weekend forced the company to take vital IT systems offline, which has affected car sales and production.

Production remains halted at car factories in Halewood on Merseyside and Solihull in the West Midlands, as well as at its engine manufacturing centre in Wolverhampton.

The situation remains under review and output could remain suspended for longer.

Car sales have also been heavily disrupted, although the BBC understands some transactions have been able to take place.

The company, which is owned by Indias Tata Motors, shut down its systems on Sunday in order to limit potential damage from the cyber attack.

It is now working to restore them in a controlled manner, but this is understood to be a highly complex process. It is also introducing work-arounds for systems that remain offline.

The attack occurred at what is traditionally a popular time for consumers to take delivery of a new vehicle. The latest batch of new registration plates became available on 1 September.

The disruption extends well beyond JLRs own production lines, with its network of parts suppliers also forced to restrict their operations. Some have complained of a lack of transparency from the company.

On Wednesday a hacker group which was also responsible for a highly damaging attack on Marks and Spencer earlier in the year said it had infiltrated JLRs systems.

The group of young English-speaking hackers – who are thought to be teens calling themselves "Scattered Lapsus$ Hunters" – told the BBC how they allegedly accessed the car maker but have not revealed if they successfully stole private data from JLR or installed malicious software onto the companys network.

The group posted two images, which showed apparent internal instructions for troubleshooting a car charging issue and internal computer logs.

A security expert said those screenshots suggested the group had access to information they should not have.

JLR says it is investigating the hack, but there is no evidence at this stage any customer data has been stolen.

In 2023, as part of an effort to "accelerate digital transformation across its business", JLR signed a five-year, £800m deal with corporate stablemate Tata Consultancy Services to provide cybersecurity and a range of other IT services.

The halt in production is a fresh blow to the firm which recently revealed a slump in profits attributed to an increase in costs caused by US tariffs.