Vestas today confirmed that attackers have leaked the stolen data to third parties. Vestas said that the leaked data mostly relate to Vestas’ internal matters.
“The attackers did manage to steal data from Vestas, and that data has been illegally shared externally. To mitigate this situation, we are working hard to identify any leaked data and will collaborate with affected stakeholders and authorities,” Henrik Andersen, President and Chief Executive Officer, Vestas said.
Vestas said it is investigating what personal data is affected by the attack.
On 19 November 2021, Vestas discovered a cyber security incident which involved external attackers gaining unauthorised access to some of Vestas’ IT systems. Following extensive investigations, forensics, restoration activities and hardening of IT systems and IT infrastructure together with external partners and experts, all systems are, with very few exceptions, up and running.
Vestas said the event has not impacted customer and supply chain operations.
During the attack, data was illegally retrieved from IT systems and the attackers have since threatened to publish the stolen data. Vestas involved relevant authorities and IT security experts and initiated a thorough forensics investigation to identify the data that had been compromised and any individuals whose personal data could have been affected.