LG Energy Solution, a leading South Korean battery manufacturer with global operations, confirmed a significant ransomware incident affecting one of its overseas facilities in mid-November 2025. The company announced that only a "specific overseas facility" was targeted, emphasizing that its headquarters and other international sites remained unaffected.
Rapid containment and recovery efforts returned the impacted facility to normal operations, and full-scale investigations involving internal and external cybersecurity teams were launched to trace the breach’s access points and bolster defenses against future attacks. The official disclosure followed public claims by the Akira ransomware gang, which took credit for the breach and threatened to release the stolen data if their demands weren’t met.
The Akira ransomware collective, flagged internationally for targeting high-value industrial companies, claimed it had exfiltrated around 1.67 terabytes of data from LG Energy Solution, including corporate documents, employee personal information (such as visas, passports, medical records, and ID cards), financial data, details about confidential projects, non-disclosure agreements, and contracts with clients and suppliers.
If verified, this data trove represents a severe threat, as it contains operational blueprints, intellectual property, and sensitive workforce details potentially enabling further cyberattacks or destructive phishing schemes. Akira’s own statements suggested that they might soon publish internal documents and SQL databases unless LG Energy Solution entered into negotiations.
Though the direct operational disruption at the overseas site proved temporary, the aftermath presents enduring risks. Ransomware gangs increasingly target manufacturers like LG, whose products are vital for industries such as electric vehicles and energy storage, causing ripple effects throughout global supply chains. The battery sector has seen a surge in attacks due to its strategic role, narrow recovery windows, and high-value data.
LG Energy Solution’s breach underscores growing concerns about cyber extortion targeting energy and manufacturing sectors, especially as international regulatory pressures mount and law enforcement agencies heighten scrutiny of cybercriminal operations. Industry experts forecast more ransomware attempts on energy sector companies, with supply chain vulnerabilities and third-party vendor networks presenting further risks for cascading attacks.
As investigations continue, LG Energy Solution remains focused on remediation, securing network pathways, and working with authorities to mitigate long-term consequences. The incident’s true impact will also depend on whether stolen data is published, which could have severe repercussions for strategic relationships, business operations, and the wider EV battery supply chain.
