The Sustainability Business division of Schneider Electric has been hit by a ransomware attack.

Terabytes of corporate data have been stolen, with attackers threatening to leak the stolen data if they are not paid.

"On January 17th, 2024, a ransomware incident affected Schneider Electric Sustainability Business division," the company told DCD in a statement. "The attack has impacted Resource Advisor and other division-specific systems."

Bleeping Computer reports that the incident was a Cactus ransomware attack and could cause outages with Schneider Electric's Resource Advisor cloud platform.

The Sustainability Business division provides consulting services on renewable energy solutions and climate regulations.

"From a containment standpoint, as Sustainability Business is an autonomous entity operating its isolated network infrastructure, no other entity within the Schneider Electric group has been affected," the company said.

Schneider Electric said that its Global Incident Response team was working on containing the incident and improving security going forward.

"From an impact assessment standpoint, the ongoing investigation shows that data have been accessed," the company said, adding that it had informed impacted customers.

It is also working "with leading cybersecurity firms" and "relevant authorities."

In 2023, Schneider bought Atos' environmental consultancy EcoAct, merging it into its Sustainability Division. The acquisition completed in November 2023.

EcoAct is reported to have 350 staff, and was itself acquired by Atos in 2020.