Danish wind turbine maker Vestas said the cyber-attack it reported at the weekend has affected parts of its internal IT infrastructure and that data has been “compromised”.
In addition to concerns over the nature of any data breach, near-term market focus will also be on production delays and related costs, including the cost of resolving the issue, Citi analysts said in a research note.
The cyber security incident on 19 November forced Vestas to shut down IT systems across multiple business units and locations to contain the issue, but the Danish company said it has been able to continue operations.
The preliminary findings of its investigation into the matter also found that its customers were unaffected by the incident.
“There is no indication that the incident has impacted third party operations, including customer and supply chain operations,” its statement said, adding that it had started a gradual reopening of all IT systems.
Vestas is already under pressure from supply chain woes but said that its manufacturing, construction and service teams had been able to continue operations despite the attack.
Vestas, which operates in 80 countries across five continents, including the UK, US, Germany, Italy, the Netherlands, Taiwan, India, Australia, China, and Brazil, is the world’s biggest wind turbine manufacturer and servicer, employing approximately 25,000 people.
The company has not named the perpetrator of the attack, or whether the cyber-attack involves ransomware.
The attack follows a number of similar incidents involving US infrastructure providers including Colonial Pipeline and the Texas Power Grid, as well as UK energy player Npower.
Recent research conducted by cyber security firm Hornet security found that the energy sector has been a leading target for cyber criminals, accounting for at least 16% of officially known attacks.