Turbine manufacturer Vestas has warned staff and business partners to “stay vigilant” after hackers published stolen personal data online.
Russian cyber crime cell Lockbit published the data on the dark web — a section of the internet that enables users to communicate anonymously without being indexed by search engines, a Vestas spokesman told Windpower Monthly.
The data breach – stemming back to a hack on 19 November – covers names and contact details like emails and phone numbers, as well as more sensitive information, including identification documents such as passports and work permits, social security numbers and bank account information.
Not all of Vestas’s employees and business partners have been affected, and the majority of the compromised personal data is not of a sensitive nature, the turbine manufacturer stated.
It confirmed that the hackers have published “some” of the data, but would not confirm the number of individuals affected or the amount of data that was stolen.
An investigation is still ongoing, however, Vestas does not believe that data outside of its internal file share systems has been compromised.
The investigation so far suggests that the hackers had not specifically targeted personal data. However, they retrieved files from Vestas’s internal files systems, which included personal data, the manufacturer explained.
Vestas plans to notify affected individuals “if it is assessed that this is appropriate given the risk to such individuals”. It has also set up a dedicated email for questions and concerns about the data breach.
In a statement issued following publication of the data, it encouraged all employees and business partners to “stay vigilant of any indications of misuse of their personal data”.
The wind power sector has long seen the potential for cyber disruption.
An IEA report last year mentioned cyber attacks as one of the key threats to wind power and other renewable power sources, while insurer GCube warned of cyber threats becoming more prevalent during the Covid-19 pandemic.