Vestas CEO confirms hackers ‘leaked data stolen from wind turbine manufacturer’

Hackers shared data from Vestas’s IT systems and offered it to third parties, the turbine manufacturer has confirmed.

Vestas believes the leaked data mostly relates to the company’s internal matters and has no reason to believe that customer and supply chain operations were impacted.

Third-party experts also believe customer and supply chain operations were not impacted, Vestas stated.

The company is investigating what personal data has been affected by the attack, it added.

CEO Henrik Andersen said: “To mitigate this situation, we are working hard to identify any leaked data and will collaborate with affected stakeholders and authorities.”

Andersen added that the company had not been extorted after external attackers hacked into the Danish company’s IT systems on 19 November. 

Vestas had shut down its IT systems across multiple business units and locations to contain the issue.

Today (6 December), it confirmed that “all systems are, with very few exceptions, up and running”. Since the attack, Vestas has worked with external partners and experts to carry out extensive investigations, forensics, restoration activities and hardening of its IT systems, it stated.

The wind power sector has long seen the potential for cyber disruption. 

An IEA report last year mentioned cyber attacks as one of the key threats to wind power and other renewable power sources, while insurer GCube warned of cyber threats becoming more prevalent during the Covid-19 pandemic.