After being hit by a cyber attack, Vestas informed that the attackers managed to steal personal data, and that data has been illegally shared externally.
o remind, on 19 November 2021, Vestas discovered a cyber security incident which involved external attackers gaining unauthorised access to some of Vestas’ IT systems.
After investigations and restoration activities all systems are, with very few exceptions, up and running. The work and investigations are still ongoing, and Vestas still has no indication that the event has impacted customer and supply chain operations.
However, during the attack, data was illegally retrieved from its IT systems and the attackers have since threatened to publish the stolen data.
When the attack was discovered, Vestas immediately involved relevant authorities and IT security experts and initiated a thorough forensics investigation to identify the data that had been compromised and any individuals whose personal data could have been affected
said the company.
The investigations are still ongoing, but Vestas can confirm that the stolen data has been leaked by the attackers and potentially offered to third parties. Vestas has reasons to believe that the leaked data mostly relate to Vestas’ internal matters.
Henrik Andersen, President and Chief Executive Officer, stated:
Unfortunately, the attackers did manage to steal data from Vestas, and that data has been illegally shared externally. To mitigate this situation, we are working hard to identify any leaked data and will collaborate with affected stakeholders and authorities
Vestas is now investigating what personal data is affected by the attack. Through notification the company will initiate communicating to affected parties within the next few days.