The Dax Group informs active and former employees by letter if their personal data has been leaked in the course of the cyber attack.
(Photo: dpa)
Dusseldorf After the cyber attack on Continental, the automotive supplier had to send tens of thousands of letters to those affected whose data had fallen into the hands of hackers. A spokesman told the Handelsblatt that the employees had just begun to be contacted, and the first German employees received letters in early February.
In the summer of last year, Continental fell victim to what is probably the biggest data theft in German economic history. Hackers from the Lockbit ransomware group had succeeded in penetrating the automotive supplier’s IT systems. They stayed undetected in the Conti network for a month and captured 40 terabytes of data.
In addition to data from Continental itself and customers such as Volkswagen, the cybercriminals were also able to copy personal data from active and former employees, as the Handelsblatt reported in November. Continental assumes “at the current state of knowledge” that “a low to mid five-digit number of employees” will be affected.
The General Data Protection Regulation (GDPR) stipulates that companies must inform data subjects individually if there is “a high risk to personal rights and freedoms”. Continental opted for the postal route because it was “the safest and fastest option”.
The group also wants to organize town halls at locations with affected employees, in which they are informed about their rights and legal options. The company has also set up a hotline for those affected.
Continental advocates a ban on ransom payments
The criminal organization Lockbit has so far only published a list of the stolen files on its blog on the dark web, not the files themselves. They initially demanded 50 million US dollars from Continental. She later lowered the price to $40 million. Continental emphasizes that the group does not want to be blackmailed.
>> Also read: New global cyber attack also causes damage in Germany
According to the company, it is in contact with politicians. A spokesman said he used common exchange formats and channels to discuss the correct way to deal with cyber attacks with political decision-makers. Continental would like “a clear legal framework” – also with a view to ransom demands.
According to a study by the IT service provider Sophos, 42 percent of all German companies pay the demanded ransom when hacker groups like Lockbit blackmail them. This is sometimes not only cheaper. There are also insurance companies that reimburse at least part of the costs.
At the same time, paying companies have no security that their data will not end up on the Internet. As a target willing to pay, they are attractive for further attacks. On top of that, they support criminal organizations and allow them to reinvest the money into more staff and better technology.
>> Read also: The chronology of the hacker attack at Conti
Continental is therefore calling for a legal ban on ransom payments. “We are now addressing this request to politicians,” said a company spokesman. The supplier is in exchange with state secretaries and various officials, among other things. Continental has its own lobby office in Berlin.
Politicians are familiar with the debate about such a ban. The Federal Ministry of the Interior states that “a report” is currently being drawn up in the structures of the Conference of Interior Ministers.
The Federal Criminal Police Office (BKA) and the Federal Office for Information Security (BSI) have been warning for years against engaging in digital blackmail. The calculus: If nobody pays, the business model dies out.
Critics, on the other hand, warn that companies willing to pay will continue to pay. They would only stop contacting the authorities, which would mean that even fewer attacks would be known than they already were. That in turn would make the fight against the blackmailers even more difficult.
The group does not want to reveal what damage the cyber attack has caused at Continental so far. A spokesman said there was no report on this at the moment. Continental has taken out insurance “for various risks”. The group does not want to say whether the damage is covered by this.
Continental is still working on the analysis of the leaked data. More than 300 employees and a team from the auditing company KPMG are busy with the processing. Continental boss Nikolai Setzer also wants to further expand the group’s IT security.
More: “We are strengthening our capacities”: Continental CEO Nikolai Setzer is expanding cyber security.