Vestas has confirmed that data stolen during a cybersecurity incident on 19 November has been leaked by the attackers and potentially offered to third parties.
The company said it has reasons to believe that the leaked data mostly relate to Vestas’ internal matters.
Vestas president and chief executive Henrik Andersen said: “Unfortunately, the attackers did manage to steal data from Vestas, and that data has been illegally shared externally.
“To mitigate this situation, we are working hard to identify any leaked data and will collaborate with affected stakeholders and authorities.
“In that regard, we ask for continued support, understanding and condemnation of criminal activities such as ransomware and illegal sharing of data.”
Vestas added that following extensive investigations, forensics, restoration activities and hardening of our IT systems and IT infrastructure together with external partners and experts, all systems are, with very few exceptions, up and running.
“The work and investigations are still ongoing, and Vestas still has no indication that the event has impacted customer and supply chain operations, a view which is supported by third-party experts,” the company said.
Vestas said it is investigating what personal data is affected by the attack.
“Through notification we will initiate communicating to affected parties within the next few days,” it said.
Vestas added: “(We) would like to emphasise our commitment to protect personal data used by Vestas to operate our business and will provide an update as soon as we know more.”
Andersen said: “Our resilience in such a difficult situation is strengthened by the support we have received from our customers, employees, suppliers, and other partners, and on behalf of Executive Management and the Board of Directors I want to thank everyone who has helped us get to the point we are now.”