Jaguar Land Rover (JLR) has been forced to halt production at several sites after a cyber-attack disrupted its IT systems, with a group of hackers now claiming responsibility.
A Telegram channel linked to well-known collectives Scattered Spider, Lapsus$ and ShinyHunters posted screenshots that appeared to show access to JLR’s internal network. The same networks have been tied to previous breaches at Marks & Spencer, Co-op and Harrods, raising fears of a coordinated campaign against major UK companies.
Disruption Hits Carmaker and Suppliers
Britain’s biggest carmaker confirmed this week that the attack had “severely disrupted” its operations, forcing it to take systems offline. The company said no customer data appeared to have been stolen but acknowledged the shutdown had a significant impact.
Suppliers, who deliver parts to JLR factories on a daily basis, have been badly hit. Industry insiders warned that some firms could face losses running into tens of millions of pounds if the disruption continues.
Who Is Behind the Breach?
The Telegram group’s name referenced three English-speaking hacker networks. Scattered Spider, largely made up of teenagers and young adults, has been blamed for a series of UK retail attacks earlier this year. Police arrested four suspects, including three teenagers, in July during an investigation into those incidents.
Cybersecurity experts say the tactics used by Scattered Spider and its allies resemble those of ransomware gangs but with a younger, more internet-savvy demographic. “They are English-speaking, highly active on social media, and often operate in loose, shifting groups,” said Aiden Sinnott, a researcher at UK security firm Sophos.
Analysts also noted possible links to Hellcat, another group that previously claimed to have targeted JLR. While many ransomware operations are traced back to Eastern Europe, researchers warn that English-speaking groups are increasingly prominent.
A Blow at a Difficult Time
The attack comes as JLR faces other headwinds, including falling sales and trade tensions with the United States. The company recently reported a 49% drop in pre-tax profits to £351m in the three months to June, a period that included a pause in exports to the US.
Past cases underline the risks. In 2023, 18-year-old Arion Kurtaj, a member of Lapsus$, was detained indefinitely after leaking clips of the unreleased Grand Theft Auto 6. French hacker Sébastien Raoult, linked to ShinyHunters, was sentenced in the US last year for his role in multiple breaches.
Official Response
The National Crime Agency said it was aware of the incident at JLR and was working with partners to assess its impact. The company, which employs nearly 33,000 people across 17 UK sites, has not said how long recovery will take or when full production might resume.
In a brief statement, JLR said its priority was “protecting our customers, our employees and our business.” For suppliers waiting on production lines to restart, the financial pressure is mounting with each passing day.
