
LG Energy Solution, one of the world’s biggest electric-vehicle (EV) battery makers, has confirmed a ransomware attack on one of its overseas facilities, claimed by the Akira ransomware group. The incident didn’t shut down global production, but the attackers say they stole a massive 1.7TB of data, including employee records and corporate documents – a serious red flag for both data security and the wider EV ecosystem.
For cybersecurity teams and anyone watching the EV space, this isn’t just another breach headline. It’s a reminder that high-tech manufacturing and critical infrastructure around clean energy are now prime ransomware targets, with potential knock-on effects across supply chains.
Details of the Ransomware Attack
TechRadar reports that LG Energy Solution confirmed a ransomware incident at one specific overseas facility, attributed to the Akira ransomware group. The company hasn’t named the country, but it has been clear that the attack was limited to that single site and did not spread across its network.
According to The Record, LG’s spokesperson said the attack “targeted a specific overseas facility” and that headquarters and other plants were not affected. That’s an important detail; from a network segmentation perspective, it suggests some separation between regional sites and core operations worked as intended.
The real punch, though, is data theft. TechRadar and SC Media both note that Akira claims to have exfiltrated around 1.7TB of data. SC Media reports that this cache allegedly includes corporate files and employee databases, while TechRadar mentions employee records and corporate documents among the stolen material.
DeXpose adds that the stolen trove likely contains confidential and proprietary information, which lines up with Akira’s typical playbook: steal sensitive data first, then use the threat of public exposure as leverage in ransom negotiations. Even when operations come back online quickly, that data exposure risk doesn’t go away.
So far, LG has not publicly confirmed the exact contents of the stolen data or whether it is negotiating with the attackers, and there is no disclosure of any ransom amount. That leaves incident responders and partners working with a worst-case assumption: anything accessible from that facility’s environment could now be in hostile hands.
Impact and Response
The good news, according to The Record and TechRadar, is that LG isolated the incident and restored operations at the affected facility. The company says manufacturing and business activities at that site have returned to normal, and it continues to stress that no other facilities or its headquarters were hit.
That containment story matters. From what’s publicly available, LG’s internal response appears to have focused on:
• Rapid isolation of the compromised environment to stop lateral movement.
• Recovery of systems to keep production and logistics running.
• Ongoing assessment of what data was accessed and exfiltrated.
From a business continuity angle, this is the surprising part: despite a major data theft claim, LG Energy Solution has maintained operational continuity. Either the impacted facility wasn’t the most critical node in its global network, or the company had working contingency and incident-response plans ready to go. For other manufacturers, that’s the blueprint: assume breach, plan for rapid isolation, and rehearse recovery.
The more lingering problem is data exposure. With 1.7TB allegedly taken, the risks spread in two main directions:
• Employee privacy: Leaked HR records can fuel identity theft, targeted phishing, and social engineering against staff, partners, and even customers.
• Corporate intelligence: Internal documents, designs, contracts, and correspondence can be weaponized for corporate espionage, competitive intelligence, or supply-chain targeting.
DeXpose and RedPacket Security highlight that Akira has been actively exploiting weaknesses across multiple sectors. For defenders, this incident is one more data point that ransomware groups are comfortable going after industrial and energy-adjacent targets, not just hospitals and city governments.
Implications for the EV Industry and Critical Infrastructure
LG Energy Solution isn’t just another manufacturer; it’s a key supplier in the global EV battery market. That makes this attack relevant far beyond a single plant’s network. As EV adoption accelerates and more countries treat battery manufacturing as critical infrastructure, the sector becomes more attractive to financially motivated and potentially state-linked attackers.
For the EV ecosystem, this breach underlines three big pressure points.
First, supply-chain mapping and trust. If data about production capacity, delivery schedules, or supplier contracts is exposed, attackers can better map the EV supply chain, identify weak links, and time attacks to cause maximum disruption. Even if LG kept the lines running this time, competitors and partners should assume detailed operational data might be floating around in leak sites or private channels.
Second, intellectual property and innovation risk. Battery chemistry, manufacturing processes, and performance optimization are crown jewels in the EV race. While public reporting hasn’t confirmed that deep technical IP was stolen, a 1.7TB data haul almost certainly includes sensitive engineering and planning documents. That opens the door for copycat technologies, unfair competitive advantages, and longer-term erosion of R&D investment value.
Third, critical infrastructure vulnerability. As more grids, fleets, and cities depend on large-scale battery storage and EV infrastructure, the line between “factory” and “infrastructure” keeps blurring. The LG incident echoes a broader pattern: ransomware crews probing energy-adjacent environments to see what they can monetize. According to SC Media’s coverage of similar attacks, ransomware operators are steadily moving from purely IT targets to environments that sit closer to operational technology.
For security leaders in the EV and clean-tech sectors, the lesson is straightforward: treat data from plants, R&D centers, and logistics hubs as critical assets, not just operational byproducts. That means stronger segmentation between facilities, strict identity and access controls, continuous monitoring, and regular testing of incident-response playbooks that assume data exfiltration, not just encryption.
It also means revisiting vendor and partner security. If a single overseas facility can become the gateway to a multi-terabyte leak, then shared tools, remote access paths, and third-party integrations all need much tighter scrutiny.
The bottom line for the EV industry: this time, LG Energy Solution kept its production stable and restricted the blast radius. Next time, for another battery maker or charging-network operator, the story might not end as neatly. Using this incident as a practical case study now is far cheaper than responding to your own 1.7TB leak later.
