COPENHAGEN (Reuters) – Personal data stolen from wind turbine maker Vestas by hackers in a so-called ransomware attack last month has been made public, the firm said late on Wednesday.
A cyber security incident on Nov. 19 forced Vestas to shut down IT systems across multiple business units and locations to contain the issue.
The Danish company said it was able to continue operations but that data had been compromised.
“The hackers managed to retrieve data from the compromised internal file share systems and have made some of the compromised data public,” Vestas said in a statement.
It added that the majority of compromised data includes personal information such as names, contact details and CVs but also some cases of more sensitive information such as social security numbers and bank account information.
“Due to the potential risk caused by the leak of personal data, Vestas encourages all employees and business partners to continue to stay vigilant of any indications of misuse of their personal data,” it said.
Ransomware, which has dominated cybersecurity threats this year, encrypts victims’ data and can include locking down an organisation’s network or stealing data.
Typically hackers will offer the victim a key in return for cryptocurrency payments that can run into hundreds of thousands or even millions of dollars.
(Reporting by Stine Jacobsen; editing by Jason Neely)
