The UK government will provide Jaguar Land Rover with a government-backed loan of £1.5 billion ($2 billion) to restore its supply chain after a large-scale cyberattack that forced the automaker to halt production.
Jaguar Land Rover (JLR) is an independent company within India’s Tata Motors.
Tata Motors acquired the Jaguar and Land Rover brands from US automaker Ford in 2008 for $2.3 billion, and in 2013 they were fully merged into a single company, Jaguar Land Rover.
JLR employs around 39,000 people and produces over 400,000 vehicles a year. The total number of jobs supported by JLR is estimated to be at least 100,000 worldwide.
The loan guarantee will be provided to the company through the UK Export Finance agency’s Export Development Guarantee (EDG) programme, which reduces risks for lenders by covering the majority of the loan in the event that JLR fails to meet its loan repayment obligations.
Under this programme, the UK government does not issue a loan to JLR directly; instead, it guarantees a loan from a commercial bank. This enables the company to secure a much larger loan on more favourable terms than it could obtain on its own after such a serious incident.
The loan must be repaid within five years and is intended to provide financial support to JLR, enabling the company to settle with suppliers and restore the supply chain.
“This cyberattack was not only an assault on an iconic British brand, but also on our leading automotive sector, and on the men and women whose livelihoods depend on it,” said Business and Trade Secretary Peter Kyle. “Thanks to our decisive action, this loan guarantee will help support the supply chain and safeguard skilled jobs in the West Midlands, Merseyside, and across the United Kingdom.”
Recall that news of the attack on JLR first emerged in early September 2025, when the company said it had been forced to shut down a number of systems due to a cyber incident.
At the time, the company acknowledged that retail and manufacturing operations had been severely disrupted. JLR dealers in the UK also reported disruptions, having lost the ability to register new vehicles and supply parts to service centres.
As media reported at the time, the attack forced JLR to shut down a number of systems, including those used at the company’s manufacturing facility in Solihull (this is where the Land Rover Discovery, Range Rover and Range Rover Sport models are assembled). Employees at the Halewood plant were also sent an email asking them not to come to work.
As later emerged, overseas facilities in China, India, and Slovakia were also forced to halt operations, and Jaguar Land Rover representatives confirmed that during the attack the hackers managed to steal “some data”. JLR did not specify what kind of data these were, or whether the leak might have affected the company’s customers.
According to economists’ estimates, JLR’s daily losses from the production shutdown amount to £5–10 million (from 574,000,000 to 1,148,000,000 rubles). Since Jaguar Land Rover’s annual revenue in 2024 totalled £29 billion, JLR is expected to cope with the financial losses; however, for smaller companies in the supply chain the consequences could prove far more serious, and some may even go bankrupt.
This incident quickly became one of the largest cyberattacks in the country’s history. It is expected that this cyberattack could affect the UK’s overall economic growth figures.
As previously reported by Bleeping Computer, cybercriminals from Scattered Lapsus$ Hunters (a coalition of members from the hacker groups Scattered Spider, LAPSUS$, and Shiny Hunters) stated on their Telegram channel that they were involved in the attack on JLR. The attackers published screenshots of the automaker’s internal SAP system and claim to have deployed ransomware on the compromised systems.
Interestingly, experts believe that government support for the automaker may encourage cybercriminals to continue attacking British companies. For example, well-known infosec expert Kevin Beaumont writes that if he were a hacker, he would definitely focus all his attention on the United Kingdom.
Yesterday, 29 September 2025, JLR representatives announced the start of a planned resumption of operations: production is due to restart in a few days.
“We continue to work around the clock with cybersecurity specialists, the UK’s NCSC, and law enforcement to ensure a safe and reliable resumption of operations,” the company says.