Jaguar Land Rover (JLR) plans to resume some of its car-making over the next few days, in the wake of the government’s weekend announcement that it will back the company with a £1.5bn loan guarantee to support its supply chain.
According to the BBC, it is believed to be the first time a company has received government help as a result of a cyber attack.
The union Unite, which represents many thousands of workers employed at JLR and throughout its supply chain, has described the government’s financial support of the company as an “important first step”.
Unite general secretary Sharon Graham said: “This is an important first step and demonstrates that the government has listened to the concerns raised in meetings with Unite over recent days. This is exactly what the government should be doing – taking action to protect jobs.
“The money provided must now be used to ensure job guarantees and to also protect skills and pay in JLR and its supply chain.”
By contrast, the Financial Times has reported disquiet among free marketeer commentators that the loan is the thin end of a wedge of government support for private sector companies, quoting Tom Clougherty, executive director of the Institute of Economic Affairs: “Will every cyber attack now result in calls for a taxpayer bailout? Will companies be less inclined to insure themselves against such risks?” And Jamie MacColl, senior research fellow at the Royal United Services Institute, told the FT there is a “moral hazard” risk of companies eschewing cyber insurance.
Insurance industry journal Cyber Risk Insurer revealed last week that JLR did not have cyber insurance at the time of the attack.
JLR was hit with a massive cyber attack on 31 August, from which it is only tentatively beginning to recover.
Some of the company’s financial IT systems were restarted on 25 September, according to the BBC. These were said to be aiding with payments due to suppliers.
In today’s cyber incident statement, posted on its website, JLR said: “As the controlled, phased restart of our operations continues, we are taking further steps towards our recovery…. Today, we are informing colleagues, retailers and suppliers that some sections of our manufacturing operations will resume in the coming days.
“We continue to work around the clock alongside cyber security specialists, the UK government’s NCSC [National Cyber Security Centre] and law enforcement to ensure our restart is done in a safe and secure manner.”
Meanwhile, cyber security threat analysis firm Cyfirma has identified the Scattered Spider Lapsus$ Hunters group as the likely attacker, noting also that the Hellcat ransomware group targeted JLR earlier this year in separate attacks, exfiltrating hundreds of internal documents and compromising employee data through stolen Jira credentials.
Cyfirma’s report notes that a Telegram channel calling itself Scattered Lapsus$ Hunters claimed responsibility for Jaguar Land Rover’s cyber security incident in the early days, sharing a screenshot of JLR’s internal IT systems.
The channel’s name merges three English-speaking hacker collectives: Scattered Spider, Lapsus$ and ShinyHunters.
The firm also noted that ShinyHunters Collective has previously been linked to cyber attacks on UK retailers.
“Researchers, media outlets and our own assessment indicate with medium confidence that the group ShinHhunters [sic] Collective may be responsible,” it said.
However, Jaguar Land Rover has yet to report specific details of the attack.
West Midlands MP Liam Byrne, who is chair of the Commons Business and Trade Select Committee, told the BBC that further government intervention might be needed to provide financial backing for JLR and its supply chain.
