Statement on the cyber-attack at thyssenkrupp
thyssenkrupp has been the target of a cyber-attack. It was a professional attack, apparently from the Southeast Asian region. According to our analyses, the aim was essentially to steal technological know-how and research from some areas of Business Area Industrial Solutions (espionage). Systems of Business Area Steel Europe were also affected. Specially secured IT systems for especially critical have not been concerned (e.g. IT of Business Unit Marine Systems or production IT of blast furnaces and power plants in Duisburg). The same is true for the other production systems and processes in the Group as well as for the quality of the products and services of thyssenkrupp. There have been no signs of sabotage and no signs of manipulation of data and applications or other sabotage.
The attack was discovered, continuously observed and analysed by thyssenkrupp's CERT (Computer Emergency Response Team). Chief Information Officers of all Business Areas have been involved. The attacked IT systems have been revised. Since then, all of thyssenkrupp's IT systems are being controlled for new attempted attacks (24/7 monitoring).
The IT functions of the Group have cooperated closely with the German organization for cyber-security DCSO, of which thyssenkrupp is a member. The incident has been legally accompanied by the legal department, external lawyers as well as the relevant bodies of the works council. The regional data protection authorities and the national office for cyber security have been informed. tk has filed charges with the State Office for Criminal Investigation. The executive board of thyssenkrupp AG has been informed about the incident in a timely and continuous manner.
At present there is no reliable estimate of the damage (e.g. loss of intellectual property) caused by the attack. It has been noted that fragments of data have been stolen in the areas involved in the attack. The content of this loss of data is not clear yet, with the exception of certain project data in an operative engineering company.
The incident is not attributable to security deficiencies at thyssenkrupp. Human error can also be ruled out. Experts say that in the complex IT landscapes of large companies, it is currently virtually impossible to provide viable protection against organized, highly professional hacking attacks. Early detection and timely countermeasures are crucial in such situations. thyssenkrupp has been successful in both respects. We continue to cooperate with several authorities as well as special cyber-crime units of the police force to develop cybersecurity at thyssenkrupp even further.
Cyber-attacks are a serious problem for the whole of industry. In a recent survey by the Federal Office for Information Security, 66 percent of participating companies reported they had been the target of hacking attacks. Only 44 percent of the companies affected successfully repelled the attacks.