UK government bails out Jaguar Land Rover with £1.5B loan after hack disrupts vehicle production for weeks

The U.K. government has confirmed it will guarantee a commercial bank loan of £1.5 billion ($2bn) for carmaking giant Jaguar Land Rover after a hack forced the company to shut down its carmaking production lines and left downstream suppliers at risk of bankruptcy. In a statement on Sunday, U.K. ministers said that the government-backed loan will “bolster JLR’s cash reserves so it can support its supply chain which has been greatly impacted by the shutdown.” JLR will have five years to pay back the loan. Companies across the U.K. that supply parts and products to JLR, many of which are small businesses, have been affected by the company’s weeks-long pause in vehicle production. The U.K. government said there are roughly 120,000 people in the broader supply chain whose jobs and work rely on JLR’s ongoing operations. BBC News reports that this is believed that this is the first time that a company has received financial assistance from the U.K. government following a cyberattack. JLR shut down its network on August 31 after detecting hackers in its system. Hackers associated with a financially motivated crime group linked to earlier hacks targeting the U.K. retail sector took credit for the breach. JLR later said that the hackers had stolen some company data from its systems, while staff were told to stay at home while the company rebuilt its network. JLR is said to have lost some £50 million as a result of the shutdowns. However, the company made about £2.5 billion in pre-tax profit during 2024, suggesting the company will be able to weather the financial storm. Industry journal The Insurer reports that JLR did not have cybersecurity insurance, which may have covered some of the costs of recovering from the breach. But some security experts have argued that the loan sends a signal that could encourage hackers and threat actors to target U.K. organizations if they think the U.K. government will bail out companies that have underinvested or cut their cybersecurity defenses. JLR, which is owned by India-headquartered Tata Motors, also faces criticism for its decision to outsource its cybersecurity teams to Tata’s IT and tech support arm, Tata Consulting Services (or TCS), in the years before the cyberattack. TCS, which provides IT helpdesk services like resetting employee passwords for companies around the world, is also thought to be the point of intrusion for the breaches at Marks & Spencer and the Co-op, two top U.K. retail giants that also were hacked by the same hacking group in recent months, per the BBC. In a statement Monday, JLR said it plans to resume car production “in the coming days.” The carmaker has already missed several deadlines for its recovery.