Cyber Incident Victim: Hanwha Q CELLS
Date: Jul 2024
Location: Germany
Summary
A cyberattack on Hanwha Q CELLS compromised customer and business partner databases, resulting in unauthorized access to personal information including names, addresses, contact details, passwords, and financial data. The Abyss group claimed responsibility, threatening to release stolen data, while the company works to restore affected systems. Authorities are investigating the breach, which may lead to increased phishing attempts and credential-stuffing attacks targeting impacted individuals.
Description
On July 14, 2024, a cyberattack targeted the German operations of Hanwha Qcells, a provider of solar installations and energy services. The intrusion compromised portions of the company’s customer and business partner databases, resulting in unauthorized access to personal data. The threat actor group "Abyss" claimed responsibility for the breach, which involved exfiltration of sensitive information including names, addresses, telephone numbers, email addresses, passwords, and bank account details. Hanwha Qcells confirmed the incident after notifying affected customers via written correspondence and initiated system restoration efforts. By early August 2024, Abyss escalated its campaign by publishing an entry on its leak site threatening to release the stolen data on August 9, though the final publication status remains unconfirmed in available reporting. The company did not disclose the total number of impacted individuals or business partners.

The breach triggered coordinated responses from law enforcement and regulatory bodies, including the State Criminal Police Office (Landeskriminalamt) and the Data Protection Commissioner of Saxony-Anhalt. Hanwha Qcells advised customers to remain vigilant for phishing attempts and credential-stuffing attacks, urging immediate password resets for its Online Shop and Q Partner Portal as well as any other platforms sharing reused credentials. While operational recovery efforts were underway, the company did not specify whether ransomware deployment or system encryption occurred during the incident. The attack marked the latest in a series of cybersecurity incidents affecting the solar energy sector, though prior breaches referenced in the article lack specific contextual details. Potential secondary risks included fraudulent communications exploiting stolen personal data and unauthorized account access attempts across unrelated services using compromised login credentials.
