Cyber Incident Victim: Westfälische Stahlgesellschaft
Date: Jun 2024
Location: Germany
Summary
Westfälische Stahlgesellschaft experienced a ransomware attack involving system encryption and unauthorized data downloads, primarily affecting business contact information of external partners' employees without compromising sensitive data. The organization promptly isolated systems by disconnecting internet access, restored operations using uncontaminated backups, and maintained uninterrupted production and delivery schedules. While forensic investigations with internal and external experts remain ongoing, the company notified relevant data protection authorities and business partners, acknowledging potential risks of criminals exploiting downloaded contact details for phishing attempts like fraudulent invoice schemes.
Description
On June 9, 2024, Westfälische Stahlgesellschaft experienced a ransomware attack where threat actors downloaded data from company systems and encrypted critical IT infrastructure. The intrusion was detected the following morning (June 10) through established incident response protocols and cybersecurity training procedures, prompting immediate disconnection of all internet-facing systems to contain the breach. Attackers compromised business relationship data containing contact details of external partners' employees, though the company confirmed no sensitive personal or financial information was stored in affected systems. Production operations remained uninterrupted throughout the incident, with all delivery commitments maintained. Restoration efforts commenced promptly using uncontaminated backups, recovering most systems and datasets without data loss.

The organization notified relevant EU data protection authorities within GDPR-mandated timelines and issued two communications to business partners regarding potential exposure of employee contact information. A joint forensic investigation by internal and external experts remains ongoing, with no preliminary findings disclosed publicly. While data reconstruction neared completion, residual risks included potential misuse of exfiltrated contact details for business email compromise schemes such as fraudulent invoice campaigns. Security infrastructure featuring multi-factor authentication and endpoint detection systems was operational pre-attack, though specific vulnerability remediation details were withheld for security reasons. Legal teams classified the event as a GDPR Article 33 personal data breach but anticipated no regulatory penalties. Standard communication channels remained available for partner inquiries, with further updates contingent on investigative developments.
