Global shut down continues into fourth day as group claims responsibility for cyber attack
11:14, 04 Sep 2025Updated 11:47, 04 Sep 2025
A look inside Jaguar Land Rover, Halewood(Image: Jaguar Land Rover Halewood)
Jaguar Land Rover staff are still not back at work at the firm’s Merseyside factory as a shut down following a cyber attack continues into a fourth day. On Tuesday, the ECHO was the first to reveal that the major international company had been affected by a “cyber incident” and had quickly shut down all its systems.
The incident was reported on Monday, September 1, with production staff telling the ECHO they received an email at 4.30am telling them not to come in to work. Another shift was sent home from the Halewood plant.
The shut down has affected all of JLR’s facilities in the United Kingdom and around the world in places like in Slovakia, Brazil and China. The company has confirmed that it has continued into a fourth day today – with Halewood workers confirming they have not returned to the plant today.
An update sent to staff at the Merseyside plant today states: “Our teams continue to work swiftly to resolve issues and restore services, with a focus on those most critical to business operations.
“The leadership team has agreed that production associates will be stood down and will have hours banked in line with the corridor agreement.
“All colleagues are required to attend work as normal on Friday, September 5 unless informed otherwise via email communications.”
The ECHO contacted JLR today who confirmed that the shut down has continued today – and that it is affecting all its sites.
Jaguar Land Rover Halewood(Image: Andrew Teebay/Liverpool Echo)
Meanwhile, a group of young hackers who targeted Marks and Spencer and other British brands in recent cyber hacks have reportedly claimed responsibility for the JLR attack.
The BBC reported on Wednesday that the gang has bragged about the hack on instant messaging platform Telegram and shared screenshots purporting to be from the car manufacturer’s internal IT system.
It comes after a spate of cyber attacks across the UK retail sector earlier this year, with M&S, the Co-op and Harrods among those worst affected.
The gang made the claims on a Telegram channel which is called Scattered Lapsus$ Hunters, a combination of three English language speaking, hacking groups known as Scattered Spider, Lapsus$ and ShinyHunters.
According to the BBC, in private text conversations one of the criminals, who says they are the spokesperson for the group, claimed they are trying to extort money from the car manufacturer.
A spokesperson for JLR said on Wednesday: “We are aware of the claims relating to the recent cyber incident and we are continuing to actively investigate.”
A spokeswoman for the National Crime Agency said: “We are aware of an incident impacting Jaguar Land Rover and are working with partners to better understand its impact.”