Jaguar Land Rover is recovering from a significant cyberattack that disrupted its operations and could expose the British carmaker to losses of up to $2 billion, according to media reports.
The breach, which forced the company to shut down parts of its IT infrastructure and production facilities, has also placed renewed scrutiny on Tata Consultancy Services, JLR’s technology partner and part of the broader Tata Group. The incident comes less than a year after a similar attack affected another TCS client, UK retailer Marks & Spencer.
JLR resumed limited IT operations on September 25, including systems needed to process supplier payments. The company had previously taken several of its digital systems offline in late August, leading to supply chain disruptions and internal operational delays across its manufacturing network.
While the full extent of the financial and reputational damage remains unclear, analysts say the episode underscores the rising vulnerability of industrial firms to cyber threats, even as they deepen digital integration across global operations.
TCS declined to comment on its role in the incident. JLR has not disclosed the nature of the breach or the identity of the attackers.
How did the cyberattack happen?
On August 31, a manager at a JLR factory in Halewood, Merseyside notified that there might have been a hack in their systems. A day later, UK’s largest automotive employer decided to shut down operations at several of its factory locations and its entire IT network.
This impacted many factories producing Jaguar and Land Rover cars across the UK, Slovakia, Brazil and India, according to a report by The Guardian. The entire supply chain was left in a limbo, including over 33,000 employees directly working with Tata Group-owned JLR and another 200,000 people within its supplier network.
Supply chain disruption, workers impacted
As per BBC reports, an investigation is under way into the attack, and even the government officials have stepped in to support the suppliers. The attack is believed to be costing the company at least £50 million (around $66.76 million) a week in lost production.
Many suppliers are fearing closure of their businesses. A Bloomberg report said JLR has paid roughly £300 million to its partners in recent days. Now the UK government wants to step in too to buy some of the ports from the suppliers to aide them.
As of September 25, JLR has restarted some of its IT systems to make further payments to the suppliers.
What’s the TCS connect?
This incident poses a big question on TCS, JLR’s technology services partner and India’s largest IT software exporter. In 2023, JLR had signed a 5-year agreement with TCS worth £800 million ($1 billion), Moneycontrol had reported.
As per the deal signed, TCS was helping JLR to transform, simplify and manage its digital services, and "build a new future-ready, strategic technology architecture that will support the latter’s 'Reimagine' strategy."
The hack at JLR is suspected to have occurred during one of its system upgrades. According to The Guardian report, everything that was connected in JLR’s systems appears to have become a vulnerability.
“When it discovered the intrusion, the carmaker was unable to isolate factories or functions, forcing it to shut down most of its systems,” the report said.
Queries sent to TCS by Moneycontrol went unanswered at the time of publishing. The company is in silent period, ahead of its earnings announcement
Not the first time
The JLR hack will be the third such massive cyberattack among TCS’ customers. Previously, Marks & Spencer and the Co-op, two major British retailers and TCS customers had suffered attacks this year.
A Reuters report in May that TCS was the “means of access” for hackers to get into M&S’s systems over the Easter weekend.
In June 2025, during TCS’ AGM, the company said that none of its "systems or users were compromised" as part of the M&S cyberattack, its client of more than a decade.
The M&S hack that led to its customer data leaking, had costed the company about £300m.
What did JLR say?
With the media reports of JLR losing $2 billion -- that’s more the $1.8 billion the company earned in profits in FY25 -- Bombay Stock Exchange (BSE) had sought clarification from Tata Motors on September 25.
In its response, Tata Motors shared a statement from JLR saying that the company’s foundational recovery work is underway, and it has significantly “increased IT processing capacity for invoicing” following phased restart of its operations.
“We are now working to clear the backlog of payments to our suppliers as quickly as we can,” the company said.
JLR added that Global Parts Logistics Centre, which supplies the parts distribution centres for its retailer partners in the UK and around the world, has returned to full operations. This will enable retail partners to continue to service our clients' vehicles.
“The financial system we use to process the wholesales of vehicles has been brought back online and we are able to sell and register vehicles for our clients faster, delivering important cash flow,” the company noted.
JLR is closely working alongside cybersecurity specialists, the UK Government's NCSC and law enforcement to ensure we restart in a safe and secure manner, the statement said.
Tata Motors, TCS shares in focus
In reaction to JLR’s assurance, the shares of Tata Motors rose over 2 per cent on September 26, as the company restarted its operations.
Meanwhile, TCS has plunged 1.3 percent on the same day. TCS is currently under fire for its 2 percent global workforce layoff plans too.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
