Vinci on Tuesday fell victim to a cyber hoax that wiped out nearly a fifth of its market value in a matter of minutes.
A fake press release sent out to news outlets and relayed at 4:04pm Paris time by Bloomberg claimed that it would restate its financial statements for 2015 and the first half of 2016 following an internal audit that had discovered a net loss for both periods.
It also announced the immediate dismissal of Christian Labeyrie, its executive vice-president and chief financial officer, and said the French market regulator had been informed of the irregularities.
A fake phone number next to the real name of Vinci’s spokesperson appeared at the bottom of the email, along with a link to the web version of the press release, supposedly hosted on the “vinci.group” website. This address, which differs from the company’s “vinci.com” official url, is no longer active today.
In the body of the text also appeared many hints of the press release’s real nature, including a confusion between “millions” and “billions” and a mix-up between 2015 and 2016.
These were not picked up by traders, however, and Vinci’s stock dropped nearly 19 percent following the statement’s publication. The free fall stopped after a denial of sorts was sent to press agencies, though it soon turned out this statement was also a fake. It included an alarming sentence – “Malevolent individuals have sought to harm our group by leaking and misusing information held at our offices” – in an apparent attempt to reaffirm the veracity of the details disclosed.
The real denial came minutes later, with Vinci disavowing “all the information” contained in the initial release and stating its intend to pursue “legal actions”. Shares swiftly recovered, closing 3.8 percent down on the day. They were up another 1.4 percent as at 11:15am GMT today.
The identity of the perpetrators remains unknown, though a group ostensibly opposed to the construction of the Notre-Dame-des-Landes regional airport claimed the cyber hoax in the hour that followed. But the genuineness of this statement, which could equally have been used to uncover hackers’ tracks, has yet to be ascertained.