Cyber Incident Victim: Dacia

The global cyberattack impacting multiple countries on May 12, 2017, disrupted operations at Automobile Dacia's Mioveni plant in Romania. On the morning of May 13, IT system malfunctions forced the company to halt partial production activities and send multiple employees home as a containment measure. Dacia's management activated a crisis cell to monitor the situation, explicitly attributing these disruptions to the worldwide cyber incident in their public statement. Parent company Renault simultaneously suspended manufacturing at its French facilities, confirming the attack's multinational impact across their corporate infrastructure. The incident occurred during a coordinated wave of ransomware attacks exploiting vulnerabilities in documents leaked from the U.S. National Security Agency (NSA), though Dacia did not specify whether data encryption or ransom demands directly affected their systems.

This ransomware campaign employed file-blocking techniques demanding Bitcoin payments, consistent with the WannaCry attacks that paralyzed organizations across 150 countries during the same timeframe. Romanian Communications Minister Augustin Jianu acknowledged the absence of mandatory breach reporting laws preventing authorities from determining which companies or state institutions suffered impacts. Jianu emphasized the necessity for Romania to align legislation with the EU's Network and Information Security (NIS) Directive, which mandates cybersecurity standards for essential service providers and digital operators. The lack of regulatory obligations left CERT-RO, Romania's national cybersecurity response team, dependent on voluntary incident reports from affected entities. No further technical details regarding Dacia's system recovery timeline, data loss, operational downtime duration, or financial consequences were disclosed in available public communications.