Integrated wind company Vestas has started restoring IT systems after a cyber security breach caused it to shut down internal operations on 19 November.
Vestas reported on 20 November that it had suffered the cyber attack, saying it had been “impacted by a cyber security incident”. To contain the issue, IT systems were shut down across multiple business units and locations.
As part of its crisis management setup for cyber security, the company worked with its internal and external partners to contain the situation and re-establish the integrity of its systems.
Initially Vestas warned that customers, employees and other stakeholders may be affected by the shutdown of these systems; however, it was able to report on 22 November that although its preliminary findings indicated that the incident had impacted parts of its internal IT infrastructure and that data has been compromised, there was no indication that the incident had impacted third party operations, including customer and supply chain operations. Vestas’ manufacturing, construction and service teams have been able to continue operations, although several operational IT systems have been shut down as a precaution. Vestas has initiated a gradual and controlled re-opening of all IT systems and that work, and investigation of the incident, are still ongoing.
Vestas says it is doing its utmost to keep stakeholders informed about the situation, and will provide further updates when possible.