BERLIN — Continental has publicly commented on the progress of its investigation into the August cyberattack on its suppliers, saying it will take “a few more weeks” to deal with the hack.
The company made the announcement on Monday in a website post containing information about the attack and its subsequent timeline, as well as an ongoing investigation.
This post consists of 8 questions and answers primarily aimed at your company’s employees. As an employer, it says the company is doing everything it can to “analyze and assess data for possible exposure of sensitive personal data.”
This is the first time Continental has publicly disclosed the status of its investigation since the attack was discovered in August.
The supplier disclosed the attack in August. At the time, it said the attack was averted.
german business newspaper Handelsblatt reported in early November that hackers stole about 40 terabytes of data from the company.
The theft is said to include sensitive data from customers such as the Volkswagen Group, information on supervisory board meetings and communications from chief controller Wolfgang Leitzle.
Current and former employees were also affected, according to the report.
A list of stolen data published by hackers on the darknet suggests that personal data such as salary slips, ID cards, job applications, birth certificates have fallen into the hands of cybercriminals .
Continental said it could not yet determine what the outcome would be for “potentially affected employees and other reference groups in the company” as the investigation is ongoing.
The FBI is also involved in the investigation.
Continental did not provide information about possible economic impacts in its statement.
Part of the reason for the lengthy internal investigation is due to the extent of the data breach.
The company has to analyze over 55 million file entries from darknet listings.
Another complicating factor is the data protection considerations that audits must take. The General Data Protection Regulation (GDPR) stipulates that businesses must notify those affected by a data breach if there is a “high risk to individual rights and freedoms”.
The attackers gained access to Continental’s systems “through disguised malware” run by one employee.
Cybercriminals initially demanded $50 million for the data set, but later lowered the price to $40 million.
Based in Hannover, Germany, Continental ranks eighth in the ranking. car news europe A list of the world’s top 100 suppliers, with $22.4 billion in sales to automakers in 2021.