Jaguar Land Rover staff to stay at home in cyber attack fallout

Jaguar Land Rover (JLR) has instructed factory staff to stay at home until at least Tuesday as the company continues to grapple with the fallout from a cyber attack.

The attack at the weekend forced the company to take vital IT systems offline, which has affected car sales and production.

Production remains halted at car factories in Halewood on Merseyside and Solihull in the West Midlands, as well as at its engine manufacturing centre in Wolverhampton.

The situation remains under review and output could remain suspended for longer.

Car sales have also been heavily disrupted, although the BBC understands some transactions have been able to take place.

JLR, which is owned by India's Tata Motors, shut down its systems on Sunday in order to limit potential damage from the cyber attack.

It is now working to restore them in a controlled manner, but this is understood to be a highly complex process. It is also introducing work-arounds for systems that remain offline.

The attack occurred at what is traditionally a popular time for consumers to take delivery of a new vehicle. The latest batch of new registration plates became available on 1 September.

The disruption extends well beyond JLR's own production lines, with its network of parts suppliers also forced to restrict their operations. Some have complained of a lack of transparency from the company.

Some repair garages have also warned that existing Jaguar or Land Rover owners may face delays if their cars need new parts.

James Wallis of Nyewood Express, an independent garage in West Sussex that repairs and services Land Rovers, told the BBC's Today programme that he "can't look up what I need to repair cars".

"Essentially the parts list is a giant database of items that relates to every single car," he said. "And if I can't find the parts, I can't buy them. I can't fix the car."

He added: "If you need parts which come from just one source and you can't find them, you can't order them. The job stops. You cannot repair the car. The car sits idle, and the poor old customer has to wait."

Land Rover dealers and repair specialists across the world are affected. Alan Howard, a Londoner who runs a Land Rover parts specialist in Tasmania, Australia, said he has "no idea" when the disruption will end.

"Even though I'm an independent here all the way down in Tasmania, I use exactly the same software as a Land Rover dealer in London," he told the BBC's World Business Report. "Monday morning we [came] in and the system is down."

There are some third-party sellers, Mr Howard said, but many of them only sell older parts.

"We just can't get access to the parts programme," he said. "We have to use a bit of ingenuity."

On Wednesday a hacker group which was also responsible for a highly damaging attack on Marks and Spencer earlier in the year said it had infiltrated JLR's systems.

The group of young English-speaking hackers – who are thought to be teens calling themselves "Scattered Lapsus$ Hunters" – told the BBC how they allegedly accessed the car maker but have not revealed if they successfully stole private data from JLR or installed malicious software onto the company's network.

The group posted two images, which showed apparent internal instructions for troubleshooting a car charging issue and internal computer logs.

A security expert said those screenshots suggested the group had access to information they should not have.

JLR says it is investigating the hack, but there is no evidence at this stage any customer data has been stolen.

In 2023, as part of an effort to "accelerate digital transformation across its business", JLR signed a five-year, £800m deal with corporate stablemate Tata Consultancy Services to provide cybersecurity and a range of other IT services.

The halt in production is a fresh blow to the firm which recently revealed a slump in profits attributed to an increase in costs caused by US tariffs.