Cyber-attack on Hydro in brief
On March 19, 2019, Hydro was hit by an extensive cyber-attack. The attack affected our entire global organization, with the business area Extruded Solutions having suffered the most significant operational challenges and financial losses. Hydro’s other business areas – Bauxite & Alumina, Primary Metal, Rolled Products and Energy – was able to produce close to normal despite the attack, although based on work-intensive workarounds and manual procedures.
Hydro have now resumed normal operations. During and after the attack, Hydro worked 24/7 with all available internal resources and in close cooperation with external expertise to resolve the situation. All PCs and servers across the company was reviewed, cleaned for any malware and safely restored, according to strict guidelines to ensure security and safety. Encrypted PCs and servers were rebuilt based on back-ups. We have reorganized our security team to better detect and respond to cyber incidents.
Hydro is in dialog with relevant Norwegian and international authorities, including Norway’s National Investigation Service (Kripos) and the Norwegian National Security Authority (NSM). Hydro has estimated the total cost to be in the range 550-650 MNOK. The company has a robust cyber insurance in place with recognized insurers.
Media contact on duty +47 22 53 82 10
Dear business partners
Following the cyber-attack, some may try to take advantage of the current situation and contact Hydro’s partners, pretending to be Hydro. This may be an attempt to spread the virus further or deceive our customers, suppliers or other partners. We therefore ask our partners to show extra caution when receiving emails from Hydro during this period. For instance, please note that Hydro is not under any circumstances asking our partners to change bank accounts. Anyone who is in doubt about the credibility of an email from Hydro should call the sender to verify. Contact your Hydro representative if you have any questions.