Personal information stolen from Vestas (VWS.CO) by hackers in a ransomware attack last month has been made public, the company announced late Wednesday.
Vestas had to close down IT systems across various business units and locations on Nov. 19 due to a cyber security incident.
Vestas is a prominent North American wind turbine producer, installer, and service provider, with 40,000 MW installed and 36,000+ MW in operation in the United States and Canada.
The Danish firm stated that it was able to continue operations despite the fact that information had been compromised.
Vestas said in a statement, "The hackers managed to retrieve data from the compromised internal file share systems and have made some of the compromised data public."
The majority of the leaked data is personal information including such names, contact information, and CVs, but there are also instances of more sensitive data such as social security numbers and bank account information, it added.
"Due to the potential risk caused by the leak of personal data, Vestas encourages all employees and business partners to continue to stay vigilant of any indications of misuse of their personal data."
Ransomware which has dominated cybersecurity threats this year encrypts victims' data and can even shut down an organization's network or steal data.
In most cases, hackers will give the victim a key in exchange for cryptocurrency payments in the hundreds of thousands or even millions of dollars.
Critical Infrastructure
Vestas employs 25,000 people and has production sites in 16 countries, with a revenue of over a billion USD per year.
Vestas plays a critical role in delivering such services as governments accelerate the adoption of pollution-reduction regulations and roll out renewable energy investment initiatives.
Vestas was already dealing with supply chain challenges and rising material prices, so this cyberattack struck at an especially inconvenient moment. As ransomware gangs ramp up their attacks in search of higher payments, critical infrastructure has become increasingly vulnerable to cyberattacks.
Ireland's Health Service Executive, meat producer JBS, and US gasoline pipeline Colonial Pipeline have all been targets of previous attacks on critical infrastructure.