Go directly to

      Cyberattack on Continental

      Date: December 12, 2022

      Continental was targeted by cybercriminals. The company was able to avert the attack early in August and restore the full integrity of its IT systems. Continental’s business activities were not affected at any point. The investigation of the incident has since revealed that despite established security measures, the attackers were also able to steal some data from the affected IT systems.  

      The investigation, conducted with the support of external cybersecurity experts, and the data analysis are still ongoing and are of the highest priority.  

      Key questions regarding the cyberattack will be updated on this page.


      At what point did the attackers gain access to parts of Continental’s systems, and when did the company discover this? What steps were taken as a result, and what is the current situation?
      • August 4, 2022: Continental detected anomalies in its IT system. With the help of cybersecurity experts, protection software was then deployed. 

      • No attacker activity was detected in Continental’s systems from August 5, 2022, onward. 

      • The current investigation into the incident indicates – according to available information – that the attackers first accessed Continental’s systems on July 1, 2022.  

      • No encryption of Continental’s took place, and Continental’s business activities were not affected at any point. 

      • Continental began investigating the incident immediately and is working with external experts in this regard.  

      • The attackers contacted Continental in mid-September. Continental subsequently broke off contact with the attackers. 

      • On November 9, 2022, the attackers offered to delete or sell the data on the dark web for $50 million. On November 29, 2022, this was reduced to $40 million.  

      • On November 10, 2022, the attackers also published a list of the data that they claimed to have in their possession. No detailed file contents were published. 

      • Continental currently assumes that more than 40 terabytes of data were stolen. No file contents have been published to date. 

      • Continental currently has no indication that data has been manipulated or products compromised. 

      • Continental is working with a renowned audit firm to carry out the technological data analysis. 

      Will Continental agree to the ransom demand? Is the company in negotiations with the hacker group concerning the ransom amount?
      • Continental refuses to pay ransoms on the grounds that it would only help fund continued attacks on the security of critical infrastructure such as utilities and hospitals, educational institutions and the economy. 

      • This stance is also in line with existing recommendations by the Federal Office for Information Security, the Federal Criminal Police Office and the German government. 

      Why did Continental not detect the attack immediately?
      • The forensic analysis is still ongoing and should shed light on how the attack occurred. The fact is that the attackers managed to remain undetected for four weeks.  

      • This is not unusual, as experience shows that ransomware attacks remain undetected for several months on average. One of the reasons for this is that companies, especially large companies, exchange significant amounts of data. A data transfer of around 40 terabytes, as in the present case, is therefore not immediately conspicuous. 

      • At present, Continental is focusing in particular on analyzing the file list to gain a better understanding of the stolen data. 

      Why is the data analysis still ongoing?
      • Continental currently assumes that more than 40 terabytes of data were stolen.  
      • When analyzing the data, extensive legal framework requirements must be observed, for example with regard to data protection. 

      • As part of the analysis, the significance of the data is being carefully reviewed and evaluated.  

      • Due to the potential volume of data (more than 55 million file entries), the data analysis is likely to take several more weeks. 

      How up to date are Continental’s cybersecurity systems?
      • The company regularly reviews the robustness of its defense systems and improves their protection. However, cybercriminals are developing increasingly sophisticated attack methods. Cyberdefense therefore amounts to a permanent race.  

      • The forensic analysis will determine how the attack was carried out and will also examine how effective the security systems were.  

      How were the attackers able to infiltrate Continental’s systems?
      • The investigation into the cyberattack and into the methods used by the attackers is still ongoing. Initial findings suggest that the attackers gained access to Continental’s systems using disguised malware run by an employee. 
      What consequences will the data breach have for Continental’s employees and other stakeholders?
      • Continental is in constant contact with national and international security and data protection authorities, with employee representatives and with other company stakeholders. 

      • The company is investigating and assessing the extent to which data is affected. To this end, we are in continuous exchange with all those involved at various levels (e.g. specialists, IT, data protection). As an employer, Continental is also doing everything it can to analyze and evaluate the data with regard to the possible involvement of sensitive personal data. 

      • Continental is convinced that only by working together can we successfully combat the threat from cybercriminals. Accordingly, the company has a strong interest in joining forces and initiating coordinated steps and measures through the smooth exchange of information. 

      • As the analysis of the stolen data has not yet been completed, Continental is currently unable to provide any further details on the consequences for potentially affected employees and other company stakeholders. 

      What economic consequences could Continental face as a result of the cyberattack?
      • No further details on possible consequences can be provided at present.