Hackers have published personal information belonging to employees of wind turbine manufacturer Vestas as part of a ransomware attack. In a statement, Vestas said that hackers had “managed to retrieve data from compromised internal file share systems” in a cyberattack in November.
Some of this information has since been published. The compromised data includes employees’ contact information, pictures, CVs, and employment contracts. “In some instances”, the data also includes bank account details, tax information, identification documents, and medical information.
A company statement said that “not all employees and business partners of Vestas have been affected by the cybersecurity incident and the majority of the compromised personal data is not of a sensitive nature”. The company also encouraged business partners and employees to “stay vigilant for any indications of misuse of their personal data”.
The hack of Vestas originally occurred on 19 November, causing the company to shut down its internal systems.
On Monday, Vestas issued an update, saying it had found no indication that the hack affected customer systems. Working with a third-party IT firm, the company has since resumed operations on its IT systems “with few exceptions”. However, the company confirmed that its data was leaked “and potentially offered to third parties”. The joint investigation continues.
Vestas president and CEO Henrik Andersen said: “We are pleased to say [the threat actors] failed in their attempt to extort Vestas. On behalf of executive management and the board of directors I want to thank everyone who has helped us get to the point we are now. Unfortunately, the attackers did manage to steal data from Vestas, and that data has been illegally shared externally.
“To mitigate this situation, we are working hard to identify any leaked data and will collaborate with affected stakeholders and authorities. In that regard, we ask for continued support, understanding, and condemnation of criminal activities such as ransomware and illegal sharing of data”.
A ransomware attack indicates that the digital intruders offered to not publish the information in exchange for a payment from Vestas. The publication of this information indicates that Vestas has refused to pay the hackers.