Update on cyber security incident

The Nordex Group detected a cyber security incident on 31 March 2022, and in response initiated security protocols, immediately shutting down various IT systems
across different business units.
To safeguard customer assets, remote access from Nordex Group IT infrastructure was disabled for turbines under contract. Nordex turbines continued operating without restrictions and wind farm communication with grid operators and energy traders was and remains unaffected. As part of immediately initiated business continuity measures, alternative remote control services have been set-up and are now successfully implemented for most of the fleet. In close cooperation with relevant authorities, the emergency response team of internal and external IT experts has been performing extensive investigations and forensic analysis. Preliminary results of the analysis suggest that the impact of the incident has been limited to internal IT infrastructure. There is no indication that the incident spread to any third-party assets or otherwise beyond Nordex’ internal IT infrastructure. While investigations are ongoing, the company is continuing to restore its IT systems such as to enable business continuity and resume normal operations as soon as reasonably practicable.

The Nordex Group will provide further updates when more information is available.