Cyber Incident Victim: FACC AG

On January 19, 2016, Austrian aerospace components manufacturer FACC AG publicly disclosed a cyber fraud incident targeting its financial accounting department. The attack exploited vulnerabilities in communication and information technology systems, resulting in the unauthorized transfer of approximately €50 million (equivalent to roughly $55 million) in company funds. Forensic and criminal investigations confirmed the fraudulent activities were isolated to the financial accounting division of FACC Operations GmbH, with no compromise detected in broader IT infrastructure, intellectual property, data security systems, or core operational business functions. The company immediately engaged law enforcement authorities in Austria upon discovery and initiated a comprehensive forensic investigation to determine the attack methodology and scope. Management emphasized business continuity, stating production and engineering operations remained unaffected and that the incident posed no immediate liquidity risk to corporate operations.

The financial impact extended beyond direct monetary losses, triggering a 17% decline in FACC's stock price by market close on the disclosure date. While evaluating the full extent of damages, company leadership maintained public assurances regarding operational stability and financial resilience. The incident drew comparisons to a similar 2015 cyber fraud case involving Ryanair, where €4.6 million was diverted via fraudulent transfer to a Chinese bank, though no evidence linked the two attacks at the time of reporting. FACC's response prioritized containment of financial systems, collaboration with investigative authorities, and maintaining stakeholder confidence through transparency regarding unaffected business segments. The breach highlighted vulnerabilities in financial transaction processes within specialized manufacturing supply chains, particularly those servicing major aerospace clients like Boeing.