ThyssenKrupp Targeted by Cyber Thieves – What Did They Take?

ThyssenKrupp announced this week that they were targeted by cyber thieves.  They said the attack was “massive”, but have not given any specifics of the attack.  We seem to be seeing that a lot lately.  Hey everyone, we’ve been hacked but we are not going to say what got taken.  It is a bit strange.

There are three types of data that hackers usually go after:

  1. Credit cards
  2. Health information
  3. Intellectual property

Credit cards get most of the attention even though it is the easiest to fix (kill the old card and get a new one).

Health information is in the middle because it is pretty hard to get a new blood type.  Health information persists and cannot be replaced, so hackers who have that information can use it for a long time.

That being said, the most dangerous hack is the one where they take a company’s intellectual property.  That just happened to Gorilla Glue.  The hackers got all of their design information and even family pictures (it is a family owned company).  What do you do if that happens?

If the hackers take it, it cannot be replaced.  If it becomes public, it can’t be hidden again.  It is truly a genie that got out of the bottle.

So, in ThyssenKrupp’s case, here is what little information they have disclosed.

First, the attack, they say, was massive.  They don’t define massive

The attack was discovered in April (yes, that would mean that they waited 7 months to tell you about it).

In another article they said that the reason that they waited this long was because they had a major project to boot the bad guys out and they wanted to complete that before they announced the breach.

The attack started in February.

The hackers stole project data from the plant engineering division (ThyssenKrupp is a steel company, among other things, so they own lots of major industrial plants).

The hackers stole other stuff, but they are not sure what, yet.

ThyssenKrupp said the attackers were from Southeast Asia, but didn’t say who they are.  I can think of one possible country in Southeast Asia – China!  Just a guess.

They don’t know how much stuff was taken and what the economic impact was.  They did say that among the stuff that was taken were “technical trade secrets”.

Unlike the cyber attack, also in Germany, a few years ago that severely damaged a blast furnace (possibly theirs, the company was never announced), this time they say that their blast furnaces and power plants were not affected.

In this case, at least in the United States, since no non-public personal information was taken (at least not that they are aware of yet), the breach probably could have remained secret.  German rules may be different and if the breach was material to the balance sheet, they might have had to disclose it, so that may be why they are tattling on themselves.

The fact that, 7 months later, they still don’t know what was taken indicates that their logging was somewhat lacking.

The fact that it took them from April to now to kick the bad guys out may mean that the hackers had their hooks in pretty deep.

The fact that they don’t know the financial impact of what was taken is because it is hard to value the impact of a company’s intellectual property being heisted.

Likely this is a pretty significant event and costing a lot of time and money to deal with.  Also possible is that they didn’t think a hack would happen to them and they were not prepared.

Hopefully we will get more information over time – stay tuned.

The food for thought for other U.S. businesses is are you prepared for something like this?  What would you do if it happened to you.  The bad news is that it is likely a WHEN not an IF that something bad like this will happen to your company.

Information for this post came from Fortune.


Leave a Reply

Your email address will not be published.