
- UK government’s £1.5B bailout of JLR sparks criticism as “unfortunate precedent”
- 2025 cyberattack by Scattered Lapsus Hunters shut down production, costing UK economy up to £1.9B
- Experts urge clear bailout framework instead of ad-hoc responses to major cyber incidents
Not everyone is happy that the UK government is bailing out Jaguar Land Rover (JLR) after the catastrophic 2025 cyberattack, with some calling it an “unfortunate precedent”.
Last week, the UK Cyber Monitoring Centre held a “2025 Year in Review” event, hosted by the RUSI Cyber and Tech team. Among the speakers were Ciaran Martin, Chair of the Cyber Monitoring Centre Technical Committee and RUSI Distinguished Fellow; Baroness Tracey Paul, Chief Strategy and Communications Officer, Pool Re; and Gaven Smith, CMC Technical Committee Member and Former Director General for Technology at GCHQ.
Commenting on the UK government's announcement of a £1.5 billion bailout package for the troubled carmaker, Martin said: "I think the loan guarantee is an unfortunate precedent because the government intervened in a case-specific way... without clear criteria. Otherwise you'll just end up with a series of ad hoc precedents that will leave nobody any the wiser."
Scattered Lapsus Hunters
The JLR attack began in late August 2025, when hackers breached internal IT systems, forcing the company to shut down global production. Factories were idle for about five weeks, staff were sent home, and supply chains across thousands of businesses were disrupted.
A group called Scattered Lapsus Hunters claimed responsibility for the attack, which caused hundreds of millions in direct losses, pushed the company into a quarterly loss, and is estimated to have cost the UK economy up to £1.9 billion overall.
In late September 2025, Business Secretary Peter Kyle announced JLR would be getting a loan from a commercial bank, backed by the Export Development Guarantee (EDG) provided by export credit agency UK Export Finance. The loan would be paid back over five years and would give JLR enough cash reserves to support its supply chain.
But for Martin, solving these cases ad-hoc is not the way forward. "It would be better to have a framework... rather than a response to events," he said.
Scattered Lapsus Hunters stole a mix of corporate and personal data, including payroll and HR information, internal documents, development logs, and even proprietary source code. Since they were moving laterally throughout the network, JLR had to shut down its own systems to contain the attack and prevent further spread.
Via The Register