HNK Solicitors

Jaguar Land Rover Data Breach: JLR suffers cyber-attack

In September 2025, it was reported that car dealership Jaguar Land Rover (JLR) suffered a cyber incident, which caused widespread disruption. The cyberattack shut down their global IT systems, halting their manufacturing and retail operations for several weeks.

Production lines were at a standstill from the beginning of September 2025, and it was only announced on 8 October 2025 that output at some of its manufacturing sites would resume that day, as it continues to recover from a serious cyber-attack. There is a phased return of staff at some sites in the West Midlands and Merseyside.

JLR confirmed that they had been impacted by a cyberattack and the company was taking “immediate action” and “proactively shutting down our systems” while they investigated the attack. They also confirmed that “some data” had been affected, but didn’t specify which. Read on to find out more about the Jaguar Land Rover Data Breach, what happened and the consequences of this.

The Jaguar Land Rover Cyber Hack: What happened?

On August 31, 2025, managers at a factory in Halewood, Merseyside, informed industry contacts that there may have been a hack, but the extent of the situation was unclear. This changed quickly on September 1 when the severity of the cyberattack was realised.

Issues were first reported on 1st September 2025, when dealers couldn’t register new cars on ‘new plate day’, traditionally one of the year’s busiest for registrations. In an effort to combat the hack, JLR began shutting down its systems on September 2. This shutdown lasted weeks, halting production and causing huge disruption to the company and its suppliers. It did not restart any systems or produce any new cars globally until production reportedly resumed in phases on October 8, 2025.

JLR reportedly brought in the police and cybersecurity experts to “restart the global applications in a controlled and safe manner”. An investigation was conducted, and it was discovered that “some data” was “affected”, according to JLR. The firm stated that all those affected will be contacted. Officially, it is not known what data was taken; however, it is believed to involve customer data, given the involvement of the police.

The cyber-attack is estimated to have cost JLR £1.5 billion in revenue. As a result, the UK government has announced that it will guarantee a £1.5 billion loan to JLR, to help it support suppliers who have been hit by the production shutdown.

JLR, owned by India’s Tata Motors, is one of the UK’s biggest employers, with around 32,800 people directly employed in the country. It also supports thousands more jobs through its UK supply chain.

Who was responsible for the Jaguar Land Rover (JLR) cyber-attack?

On 3rd September 2025, a group of hackers calling themselves Scattered Lapsus$ Hunters claimed responsibility for the hack on JLR. These are the same people who hacked Marks & Spencer in May, causing many weeks of disruption and resulting in a £300 million loss of operating profit for the retailer.

They claimed on Telegram, a messaging platform, that they had obtained JLR customer data after exploiting a flaw in the car maker’s IT system. A screenshot of what appeared to be JLR’s internal system was also posted as proof. A member of the group revealed that a well-known flaw in SAP NetWeaver, a third-party software used by JLR, was exploited to gain unauthorised access to the data.

While there has been no evidence of ransom demands, the group could leverage the data for future exploitation or sell it for financial gain. This raises concerns for anyone whose data could have been affected.

Earlier in the year, the HELLCAT Ransomware Group claimed responsibility for another major data breach against Jaguar Land Rover (JLR), during which gigabytes of sensitive information were leaked, including proprietary documents, source code, and employee and partner data. The attack was attributed to a threat actor known as “Rey,” who posted approximately 700 internal JLR documents that were compromised. The breach happened because HELLCAT used infostealer malware to steal Jira credentials.

The data exposed includes:

  • Development logs
  • Tracking information
  • Source code
  • A large employee dataset that includes usernames, email addresses, display names, and time zones

The inclusion of verified employee data from JLR’s global workforce raises concerns about potential identity theft and targeted phishing campaigns. The leaked JLR data, including source code, tracking information, and potentially cloud credentials, poses serious risks, from intellectual property exposure to potential targeting of individual customers.

The consequences of the Jaguar Land Rover data breach

The Jaguar Land Rover breach highlights the vulnerability of many large global businesses and organisations to increasingly sophisticated cyberattacks, which are becoming more frequent. In recent months, numerous large global brands, retailers, and government departments, including the Ministry of Defence and the Ministry of Justice, have suffered cyber-attacks or data breaches.

With cybercriminals targeting large businesses and becoming more active, it’s more important than ever that companies enhance their security to ensure people’s data is protected effectively. Any company or organisation that holds individuals’ data legally has to keep that data safe and secure.

UK General Data Protection Regulations require organisations to process personal data lawfully, fairly, and transparently, ensuring accuracy, storing it for only as long as necessary, and maintaining its security. The Data Protection Act 2018 sets out rules for processing personal data to protect individuals’ privacy, too. In the UK, the Information Commissioner’s Office (ICO) enforces data protection law and offers guidance for both individuals and organisations.

Any organisation that does not comply with UK GDPR and data protection legislation is subject to fines and legal action. If your data has been breached by a business or organisation, whether that be through a cyber-attack or a simple human error, you could be entitled to claim compensation.

How to claim compensation for a data breach

If you have confirmation that your data has been breached by a business or organisation, such as Jaguar Land Rover, you could be entitled to claim compensation. This can be done through a civil claim, often referred to as a data protection claim. It is advised that you seek the help of an experienced data protection solicitor, as they understand the relevant laws and legislation around UK data protection and can advise you on what steps to take, fight your case on your behalf, and ensure you get the maximum amount of compensation you are entitled to.

HNK Solicitors can help with your data protection claim

If you are considering making a data breach claim, get in touch with HNK Solicitors. We have a team of experienced data protection solicitors with extensive experience helping clients successfully claim compensation from businesses and organisations after their data has been breached.

Our team is on hand to help and will be with you every step of the way during your claim. We offer free, no-obligation consultations to discuss your case and offer advice, and can even take on cases on a no-win, no-fee basis. To book your free consultation, please contact our team today on 0151 668 0810 or email enquiries@hnksolicitors.com. Alternatively, fill in one of the online claim forms on our website, and we’ll be in touch for more information.
