Jaguar Land Rover (JLR) has instructed factory staff to stay at home until at least Tuesday as the company continues to grapple with the fallout from a cyber attack.
The attack at the weekend forced the company to take vital IT systems offline, which has affected car sales and production.
Production remains halted at car factories in Halewood on Merseyside and Solihull in the West Midlands, as well as at its engine manufacturing centre in Wolverhampton.
The situation remains under review and output could remain suspended for longer.
Car sales have also been heavily disrupted, although the BBC understands some transactions have been able to take place.
JLR, which is owned by India's Tata Motors, shut down its systems on Sunday in order to limit potential damage from the cyber attack.
It is now working to restore them in a controlled manner, but this is understood to be a highly complex process. It is also introducing work-arounds for systems that remain offline.
The attack occurred at what is traditionally a popular time for consumers to take delivery of a new vehicle. The latest batch of new registration plates became available on 1 September.
The disruption extends well beyond JLR's own production lines, with its network of parts suppliers also forced to restrict their operations. Some have complained of a lack of transparency from the company.
Some repair garages have also warned that existing Jaguar or Land Rover owners may face delays if their cars need new parts.
James Wallis of Nyewood Express, an independent garage in West Sussex that repairs and services Land Rovers, told the BBC's Today programme that he "can't look up what I need to repair cars".
"Essentially the parts list is a giant database of items that relates to every single car," he said. "And if I can't find the parts, I can't buy them. I can't fix the car."
He added: "If you need parts which come from just one source and you can't find them, you can't order them. The job stops. You cannot repair the car. The car sits idle, and the poor old customer has to wait."
On Wednesday a hacker group which was also responsible for a highly damaging attack on Marks and Spencer earlier in the year said it had infiltrated JLR's systems.
The group of young English-speaking hackers – who are thought to be teens calling themselves "Scattered Lapsus$ Hunters" – told the BBC how they allegedly accessed the car maker but have not revealed if they successfully stole private data from JLR or installed malicious software onto the company's network.
The group posted two images, which showed apparent internal instructions for troubleshooting a car charging issue and internal computer logs.
A security expert said those screenshots suggested the group had access to information they should not have.
JLR says it is investigating the hack, but there is no evidence at this stage any customer data has been stolen.
In 2023, as part of an effort to "accelerate digital transformation across its business", JLR signed a five-year, £800m deal with corporate stablemate Tata Consultancy Services to provide cybersecurity and a range of other IT services.
The halt in production is a fresh blow to the firm which recently revealed a slump in profits attributed to an increase in costs caused by US tariffs.
The hack has caused severe disruption at manufacturing plants globally, with some staff told not to come into work.
Gloucester City Council says it found the amount by doing its accounts manually following a cyber attack in 2021.
The dogs will work across Norfolk and Suffolk to find mobile phones and hard drives.
A report from the makers of Claude said the AI tool had been used to commit cyber-attacks and fraud.
Information breached includes basic personal information, contact details and identity information.
Copyright 2025 BBC. All rights reserved. The BBC is not responsible for the content of external sites. Read about our approach to external linking.
 

source