LG Energy Solution

LG Energy Solution, a South Korean battery manufacturer specializing in lithium-ion batteries for electric vehicles (EVs) and energy storage systems, suffered a ransomware attack at one of its overseas facilities. The Akira ransomware group claimed responsibility, alleging the theft of **1.7TB of data**, including **employee records** (visas, US/Korean passports, medical documents, Korean ID cards, addresses, phones, emails) and **corporate documents** (confidential projects, NDAs, financials, client/partner information, contracts). The impacted facility was restored to normal operations, but the stolen data—if verified—poses risks of **phishing attacks**, **black-market sales**, or **further exploitation**. The headquarters and other facilities remained unaffected, though investigations are ongoing. The breach’s scale and the sensitivity of the leaked employee and corporate data heighten concerns over financial fraud, reputational damage, and operational disruptions.

Source: https://www.techradar.com/pro/security/ransomware-attack-hits-lg-battery-subsidiary

LG Energy Solution cybersecurity rating report: https://www.rankiteo.com/company/lgenergysolution

"id": "LGE4092240111925",
"linkid": "lgenergysolution",
"type": "Ransomware",
"date": "11/2025",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'industry': ['automotive (EV batteries)',
                                     'energy storage systems',
                                     'consumer electronics'],
                        'location': {'affected_facility': 'overseas '
                                                          '(unspecified '
                                                          'location)',
                                     'headquarters': 'South Korea'},
                        'name': 'LG Energy Solution',
                        'size': 'Large (global operations, $17B+ revenue in '
                                '2024)',
                        'type': 'Subsidiary (of LG Corporation)'}],
 'data_breach': {'data_exfiltration': 'Claimed: ~1.7TB (1.67TB corporate '
                                      'documents + 46GB SQL databases)',
                 'file_types_exposed': ['documents',
                                        'databases (SQL)',
                                        'PDFs (likely for contracts/NDAs)',
                                        'image files (scans of passports/ID '
                                        'cards)'],
                 'personally_identifiable_information': ['full names',
                                                         'passport numbers',
                                                         'Korean ID numbers',
                                                         'addresses',
                                                         'phone numbers',
                                                         'email addresses',
                                                         'medical documents',
                                                         'visa information'],
                 'sensitivity_of_data': 'High (includes passports, medical '
                                        'records, financials, confidential '
                                        'agreements)',
                 'type_of_data_compromised': ['employee PII',
                                              'corporate documents',
                                              'financial records',
                                              'contracts',
                                              'NDAs',
                                              'SQL databases']},
 'description': 'LG Energy Solution, a South Korean battery manufacturer and '
                'subsidiary of LG, confirmed a ransomware attack targeting one '
                'of its overseas facilities. The attack was mitigated, and the '
                'facility is now operational. The Akira ransomware group '
                'claimed responsibility, alleging the theft of ~1.7TB of data, '
                'including employee records, corporate documents, and SQL '
                'databases. The stolen data could be used for phishing or sold '
                'on the dark web for significant profit. LG is investigating '
                'the incident but has not confirmed the extent of the breach.',
 'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
                                       'data exposure and ransomware '
                                       'association',
            'data_compromised': ['employee personal information (visas, '
                                 'US/Korean passports, medical documents, '
                                 'Korean ID cards, addresses, phones, emails)',
                                 'confidential projects',
                                 'NDAs',
                                 'confidentiality agreements',
                                 'detailed financials',
                                 'client/partner information',
                                 'contracts',
                                 'SQL databases'],
            'identity_theft_risk': 'High (due to exposure of PII like '
                                   'passports, ID cards, medical records)',
            'operational_impact': 'Facility temporarily disrupted; now '
                                  'restored to normal operations',
            'systems_affected': ['one specific overseas facility']},
 'initial_access_broker': {'data_sold_on_dark_web': 'Potential (Akira '
                                                    'threatened to upload '
                                                    'data; likely to sell if '
                                                    'not paid)',
                           'high_value_targets': ['employee databases',
                                                  'financial records',
                                                  'confidential agreements']},
 'investigation_status': 'Ongoing (LG Energy Solution conducting security '
                         'operations and investigations)',
 'motivation': ['financial gain', 'data theft'],
 'ransomware': {'data_exfiltration': 'Claimed: ~1.7TB',
                'ransomware_strain': 'Akira'},
 'references': [{'source': 'The Record'}, {'source': 'TechRadar'}],
 'response': {'communication_strategy': ['Public statement confirming attack '
                                         'and mitigation',
                                         'No further details disclosed during '
                                         'investigation'],
              'containment_measures': ['Isolation of affected facility',
                                       'Mitigation of attack spread'],
              'enhanced_monitoring': 'Precautionary security operations '
                                     'ongoing',
              'incident_response_plan_activated': True,
              'recovery_measures': ['Restoration of facility operations to '
                                    'normal'],
              'remediation_measures': ['Recovery of impacted systems',
                                       'Security operations enhancement']},
 'threat_actor': 'Akira',
 'title': 'Ransomware Attack on LG Energy Solution Overseas Facility',
 'type': ['ransomware', 'data breach']}