Vestas Says Stolen Data Leaked by Cyber Attackers

Danish wind turbine manufacturer Vestas has confirmed that the data stolen in the recent cyber security incident has been leaked by the attackers and potentially offered to third parties.

Vestas also said that it has reasons to believe that the leaked data mostly relate to Vestas’ internal matters.

As reported, Vestas discovered a cyber security incident which involved external attackers gaining unauthorised access to some of Vestas’ IT systems on 19 November.

Following investigations, forensics, restoration activities, and hardening of the company’s IT systems and IT infrastructure together with external partners and experts, all systems are, with very few exceptions, up and running, Vestas said.

The work and investigations are still ongoing, and Vestas said that there is still no indication that the event has impacted customer and supply chain operations, a view which is said to be supported by third-party experts.

During the attack, data was illegally retrieved from the company’s IT systems and the attackers have since threatened to publish the stolen data. When the attack was discovered, Vestas immediately involved relevant authorities and IT security experts and initiated a forensics investigation to identify the data that had been compromised and any individuals whose personal data could have been affected.

”On 19 November Vestas discovered an attack from a threat actor, which we are pleased to say failed in their attempt to extort Vestas,” Henrik Andersen, President and Chief Executive Officer of Vestas, said.

”Our resilience in such a difficult situation is strengthened by the support we have received from our customers, employees, suppliers, and other partners, and on behalf of Executive Management and the Board of Directors I want to thank everyone who has helped us get to the point we are now. Unfortunately, the attackers did manage to steal data from Vestas, and that data has been illegally shared externally. To mitigate this situation, we are working hard to identify any leaked data and will collaborate with affected stakeholders and authorities. In that regard, we ask for continued support, understanding and condemnation of criminal activities such as ransomware and illegal sharing of data.”

Vestas is investigating what personal data is affected by the attack. The company will initiate communicating to affected parties within the next few days.