- Quick Look at the 2020 Volkswagen Atlas Cross Sport | MotorTrend - March 13, 2024
- BMW Design – 2009 BMW Z4 – 2009 Detroit Auto Show - March 11, 2024
- Top 10 Car Features Women Love - October 7, 2023
BERLIN — Continental has publicly commented on the progress of an investigation into an August cyberattack at the supplier, noting it will take “several more weeks” to deal with the hack.
The company made the announcement in a post on its website on Monday, including a timeline of the attack and the aftermath, as well as information about the ongoing investigation.
The post consists of eight questions and answers aimed primarily at its own employees. It states that, as an employer, the company is doing everything it can “to analyze and evaluate the data with regard to the possible exposure of sensitive personal data.”
It is the first time since the attack became known in August that Continental has made a public announcement about the status of the investigation.
The supplier made the attack public in August. At the time, it said the attack had been averted.
German business newspaper Handelsblatt reported in early November that the hackers had stolen around 40 terabytes of data from the company.
The theft was said to include sensitive data from customers such as Volkswagen Group, information on supervisory board meetings and correspondence from chief controller Wolfgang Reitzle.
Active and former employees were also affected, according to the report.
A list of the stolen data published by the hackers on the darknet suggests that personal data such as salary letters, ID cards, job application letters and birth certificates fell into the hands of the cybercriminals.
Continental said it is still unable to specify with the consequences will be “for potentially affected employees and other reference groups of the company” due to the ongoing investigation.
The FBI is also involved in the investigation.
Continental did not provide any information on the possible economic consequences in the statement.
The reason for the lengthy internal investigations is partly due to the extent of the data leak.
The company must analyze more than 55 million file entries from the list in the darknet.
Another complicating factor are the data protection considerations the audit must take, including the General Data Protection Regulation (GDPR), which stipulates companies must inform those affected by data leaks if there is a “high risk to personal rights and freedoms.”
The attackers gained access to Continental’s systems “by means of a disguised malware” that had been executed by a single employee.
The cybercriminals initially demanded $50 million for the data set but have since lowered the price to $40 million.
Continental, based in Hanover, Germany, ranks No. 8 on the Automotive News Europe list of top 100 global suppliers, with 2021 sales to automakers of $22.4 billion.