Jaguar Land Rover (JLR) is grappling with a major cyberattack that has forced it to shut down IT systems and suspend production at plants around the world.

The incident, first reported last week, has halted operations at JLR’s major UK factories in Solihull, Halewood and Wolverhampton, as well as sites in India, Slovakia, Brazil and China. Dealerships are also affected, unable to process registrations or carry out servicing, leaving thousands of customers waiting for deliveries.

Although the company has said there is no evidence customer data has been compromised, the disruption is significant. Staff at several sites have been told to stay home, with the company confirming that production stoppages could last for weeks. Industry experts warn the process of safely restoring interconnected global IT systems could take months.

A group calling itself “Scattered Lapsus$ Hunters” has claimed responsibility for the attack. The same group has been linked to previous breaches at UK retailers including Marks & Spencer, Harrods and the Co-op.

The UK’s National Cyber Security Centre and other government agencies are now assisting JLR as it works to contain the breach and bring its systems back online. Cybersecurity analysts have described the attack as one of the most disruptive to hit the UK automotive sector.

The timing comes as JLR continues a brand overhaul, shifting toward electrification and repositioning Land Rover models under the Range Rover, Defender and Discovery sub-brands. Analysts say the prolonged shutdown could affect already stretched supply chains and delivery times for popular SUVs.

In a statement, JLR said its priority was restoring operations safely: “We are working around the clock with external experts and government partners to fully investigate and resolve this incident.”

Customers are being advised to contact dealers directly for updates on orders and servicing until systems are fully restored.