Wind turbine giant Vestas says data was compromised in security incident

One of the world’s largest wind turbine manufacturers, Vestas Wind Systems, says it’s contending with a cyberattack that forced the firm shut down some of its IT systems.

The Danish company said Monday that it’s investigating the security incident, discovered Nov. 19, and mitigating the impact.

Vestas has “together with external partners worked around the clock to contain the situation and re-establish the integrity of its IT systems,” it said in a statement. “The company’s preliminary findings indicate that the incident has impacted parts of Vestas’ internal IT infrastructure and that data has been compromised.”

Vestas, long considered an industry leader with a reported $34 billion in market value, watched a dip in stock value as word of the apparent breach spread.

“There is no indication that the incident has impacted third party operations, including customer and supply chain operations,” the company’s Monday update states. “Vestas’ manufacturing, construction and service teams have been able to continue operations, although several operational IT systems have been shut down as a precaution. Vestas has already initiated a gradual and controlled reopening of all IT systems.”

These are uncertain times for the wind turbine business, where supply chain woes and questions about the future of U.S. tax credits counterbalance rising demand. General Electric, for one, has increasingly invested in wind turbine technology.

The energy sector has long been a target of cyberattacks, ranging from a 2016 attack on Ukraine’s power grid to a 2017 attack on Saudi Aramco. Most recently, an attack on Colonial Pipeline led to a fuel panic on the East Coast this summer and prompted additional U.S. cybersecurity regulations on pipeline operators.