LG Energy Solution, a prominent South Korean battery company and a subsidiary of LG, recently acknowledged that it was the victim of a targeted ransomware attack. In a statement provided to The Record, a company spokesperson confirmed that the breach was contained to one specific overseas facility and emphasized that the company’s headquarters and other global operations were not affected. Following rapid recovery measures, the spokesperson asserted that the impacted facility has resumed normal operations, though the company is continuing comprehensive security operations and internal investigations as a precaution against any lingering threats. The company, which is a major supplier of lithium-ion batteries for electric vehicles, energy storage systems, and consumer electronics, maintains eight facilities in North America among its operations on multiple continents and generated over $17 billion in 2024.
Almost concurrently with the company’s confirmation, the notorious cybercrime group known as Akira added LG Energy Solution to its data leak website, openly claiming responsibility for the breach. This public listing by the threat actors asserted they had successfully exfiltrated a significant volume of data, estimating the haul at nearly 1.7 terabytes. The group detailed their stolen files included approximately 1.67TB of general corporate documents and an additional 46GB of SQL databases, painting a picture of a massive data theft incident.
The claimed contents of the stolen data are particularly concerning, according to the Akira listing. They allegedly include a wealth of sensitive employee personal information, such as US and Korean passports, medical records, visas, Korean ID cards, home addresses, phone numbers, and email addresses. Beyond personal data, the thieves claimed to have acquired highly confidential business information, including detailed financials, non-disclosure agreements (NDAs), various confidentiality agreements, extensive contracts, and documentation regarding client and partner relationships and various confidential corporate projects.
Given that LG Energy Solution is currently in the middle of a comprehensive investigation into the incident, the company has not been able to definitively confirm or deny the extensive claims made by the Akira group regarding the amount and nature of the stolen data. The investigation is crucial for determining the true extent of the breach and the fidelity of the attackers’ boasts. No further detailed comments about the attack were shared by the company following the initial statement.
If the claims made by the threat actors are ultimately validated, the breach represents a significant security incident for LG Energy Solution. The alleged trove of sensitive corporate and personal data is highly valuable on the black market and could potentially be sold for large sums, possibly reaching into the millions of dollars. Furthermore, if the compromised databases contain numerous employee or client email addresses, this information could be leveraged by the attackers or subsequent buyers to orchestrate highly effective and devastating follow-up phishing campaigns, posing a secondary threat long after the initial ransomware deployment.
Reference:
