More than a million Range Rover and Jaguar drivers could face huge delays in getting their motors repaired after a devastating cyber-attack crippled Jaguar Land Rover.
The British car manufacturer has become the latest big-named firm to have been hit by hackers, following similar digital strikes on Marks and Spencer and Co-op.
Bosses at Jaguar Land Rover (JLR) were forced to scramble on Sunday, hastily shutting down global computer systems to protect sensitive information.
Efforts are still ongoing to reboot the company’s stricken systems, with the fallout effectively paralysing dealerships and garages, which can no longer order new parts from JLR.
Mechanics across the Indian-owned firm’s franchised dealership network rely on JLR’s diagnostic tech to identify faults and electronic catalogues to order replacement parts.
However, with these systems still crippled, it means owners of vehicles like the Range Rover, Discover and Defender models, as well as Jaguar sports cars, that need to be repaired are now stuck in limbo.
JLR has insisted it is working to resolve the issue but warned its retail and production activities have been ‘severely disrupted’.
It is unclear how long it will take the car builder to restore its IT network. A previous attack on UK retailer M&S over the Easter took weeks to resolve, and cost the company millions of pounds.
Staff are seen assembling Range Rover Evoque SUVs on the production line at Jaguar Land Rover’s Halewood factory in Liverpool in December 2022 – the plant was closed on Monday
The crippling cyber-attack could leave more than a million Land Rover and Jaguar owners facing lengthy delays to have their cars repaired
According to official data there are more than a million Land Rover cars and about 373,000 Jaguars licensed in the UK.
Amid the crisis, some garages are understood to be carrying out repairs, using remaining stocks of spare parts to fix faults, while JLR provides technical support where it can.
However, car dealership bosses have today sounded the alarm, warning the disruption would have a ‘devastating’ impact on JLR’s network of workshops.
James Wallis, who runs independent garage Nyewood Express in Hampshire said: ‘It’s really devastating and I think very few people know what it means. You’re going to see a lot of broken Land Rovers, because you can’t get the parts.
‘If a car’s MoT comes around and it fails, that car is going to be off the road.’
The process of ordering spare parts relies on mechanics inputting a vehicle’s chassis number into an electronic catalogue, which gives a list of compatible replacements.
But Mr Wallis told the Telegraph the system had been offline since Monday and was still down as of yesterday.
To overcome the digital meltdown, the car dealership boss said garages were now considering cannibalising parts from second-hand motors.
According to official data there are more than a million Land Rover cars and about 373,000 Jaguars licensed in the UK
However, this comes with its own problems as the replace parts would invariable have a shorter shelf-life than brand-new kit and would not be under warranty.
Industry officials last night sought to reassure customers that there were ‘substantial’ stockpiles of spare parts that could still be distributed.
Paul Myers, of Land Rover parts supplier Britpart, said the company was still able to distribute replacement tech via its own networks.
However, Mr Myers warned the cyber attack was ‘restricting the ability’ of workshops to fix broken motors.
‘I’ve spoken to an awful lot of our customers and everybody’s frustrated – not with Land Rover, but with the clowns behind this attack,’ he added, telling the Telegraph. ‘It’s costing everybody money and ultimately customers who own the cars will be disadvantaged by not being able to get the cars fixed.’
JLR is the latest major UK brand to be targeted by hackers after not only M&S and the Co-op but also Harrods fell victim to hacking chaos earlier this year.
The company, owned by India’s Tata Motors, said it had not found any evidence at this stage that any customer data had been stolen after it shut down its systems to mitigate impact.
Cyber groups known as Scattered Spider and Shiny Hunters have claimed responsibility for the hack, saying they were able to exploit an apparent glitch in the company’s IT systems – while boasting of gaining access to customer data.
The two organisations, believed to largely comprise teenagers and young men in English-speaking nations, now describe themselves as ‘one and the same’ – while rebranding themselves as ‘Scattered Lapsus Hunters’.
A screenshot was shared online by a user on a Telegram messenger group linked to the two groups, purporting to show access to JLR’s internal systems.
A group member, identifying as ‘Shiny’, claimed they had made the most of a flaw in third-party software to access consumers’ data.
Three male teenagers and a 20-year-old woman were arrested in association with the previous retail attacks on Marks and Spencer and the Co-op.
It is the latest major UK brand to be targeted by hackers after M&S and the Co-op fell victim to hacking chaos earlier this year – shoppers are seen here in central London
JLR – which recently wound down building new Jaguars ahead of its switch to electric vehicles – sent staff home from its Halewood plant near Liverpool on Monday following the cyber-attack.
The firm said in a statement: ‘JLR has been impacted by a cyber incident. We took immediate action to mitigate its impact by proactively shutting down our systems.
‘We are now working at pace to restart our global applications in a controlled manner.
‘At this stage there is no evidence any customer data has been stolen but our retail and production activities have been severely disrupted.’
A spokeswoman for JLR continued: ‘We are aware of the claims relating to the recent cyber incident and we are continuing to actively investigate.’
Mark Tibbs, from law firm Mishcon’s cyber risk and complex investigations practice, told how Jaguar Land Rover’s statement acknowledging the attack was ‘yet another unwelcome reminder of the threats facing British brands’.
He added: ‘JLR’s swift action in proactively shutting down and working to restore systems, along with their transparent messaging, shows commendable crisis management.
‘However, the severe disruption to retail and production activities highlights just how serious the impacts of cyber attacks can be.
“While the details of this latest attack have not been made public, it follows unconfirmed media reports from March that JLR was targeted by the Hellcat ransomware group.
‘In that incident, attackers allegedly used stolen Atlassian Jira credentials, obtained by malware, to access internal systems and steal sensitive data.
‘When faced with cyber attacks, companies may be forced to switch off OT [operational technology] systems as a precaution, to prevent the attack from spreading or causing physical damage.
‘Alternatively, the disruption could be a result of IT systems being so interconnected with production processes that any shutdown has a direct knock-on effect on manufacturing.
‘Either way, this will likely lead to delays, supply chain interruptions and challenges for deliveries to customers and retailers.’
Daily Mail has approached JLR for comment about the repair delays.
