A cyberattack on Tata Motors–owned Jaguar Land Rover (JLR) earlier this year has been identified as one of the most damaging ransomware incidents in British corporate history, affecting over 5,000 companies across the supply chain.
According to new research by cybersecurity analysts, the breach, attributed to the Russia-linked LockBit ransomware gang, caused widespread disruption to production, logistics, and supplier networks across the United Kingdom and Europe.
The ransomware attack, which targeted JLR’s parent company Tata Motors in late April, forced the luxury automaker to temporarily halt operations at multiple sites, including its main manufacturing plants in Solihull and Halewood.
The disruption also spread to several suppliers, leaving thousands of firms unable to fulfill parts orders or process invoices. Investigations revealed that the breach originated from a compromised supplier system that provided access to JLR’s digital infrastructure.
Researchers said the scale of the breach made it one of the largest supply-chain cyber incidents in British history. The attack reportedly disrupted the operations of logistics companies, component manufacturers, and dealerships connected to JLR’s systems.
Cybersecurity firm Sophos described the breach as an example of “ransomware contagion,” in which one attack on a central node spreads rapidly through interconnected systems.
The LockBit ransomware group, known for targeting multinational corporations, claimed responsibility for the incident and demanded a ransom payment to prevent the release of stolen data.
Although JLR did not confirm the details of the ransom negotiations, reports suggest that sensitive internal documents and production schedules were among the data exfiltrated during the breach.
The UK’s National Cyber Security Centre (NCSC) and law enforcement agencies launched a joint investigation into the incident.
JLR said in a statement that it had contained the attack and restored most of its systems within days, emphasizing that customer data remained secure.
The company has since enhanced its cybersecurity protocols and initiated a review of third-party vendor access.
It also said that the breach highlighted the need for stronger digital resilience across the automotive supply chain.
Industry analysts said the JLR attack underscores the growing vulnerability of large manufacturers to ransomware threats, particularly in an era of increasingly digitalized operations.
The incident followed a string of high-profile cyberattacks on global automakers and suppliers, including incidents involving Toyota and Continental AG.
The UK government has reiterated its warnings to businesses about the risks of ransomware and has urged organizations to improve their cyber hygiene and incident response systems.
Experts say the fallout from the JLR breach could cost hundreds of millions of pounds in direct and indirect losses, making it the most financially damaging cyberattack in the UK’s corporate history.
Also Read: Meesho Grapples with ₹127 Crore Arbitration Dispute with AWS