One of Norway’s largest local news publishers, Amedia, had its operations come to a screeching halt on Tuesday following a major cyberattack on its central computer systems. The 78 newspapers that the company owns can’t be printed, readers can’t subscribe (or unsubscribe) from their local paper, and there’s no clear answer for when these issues will be resolved.
“The situation is unclear,” wrote Amedia executive vice president of technology Pål Nedregotten in an announcement about the “serious” cyberattack. (Gizmodo translated the announcement from Norwegian using Google Translate.) “We are in the process of gaining an overview of the situation, but do not yet know the full potential for damage. We have already implemented comprehensive measures to limit the damage and to restore normal operations as quickly as possible.”
It “can not be ruled out” that some subscriber and Amedia employees had their personal data compromised as part of this hack, the company said. The hacked subscription software held names, addresses, phone numbers, and subscription histories for each of the publisher’s customers, which means that it’s not out of the question that these details got swept up by some bad actor.
The good(ish) news is that some of the more sensitive data points, like customer passwords and credit card details, weren’t affected, according to the company. Amedia said its online versions will also continue to publish.
This is hardly the first cyber headache Norway’s been dealing with in recent months. Back in March, the Norwegian Parliament announced it was victim to a large-scale cyberattack, roughly half a year after suffering through a similar attack that saw email accounts of Norwegian officials broken into. And on Christmas Eve, the Nordland County Municipality — the governing body responsible for overseeing much of northern Norway’s schools, clinics, and public transit systems — was forced to shut down its systems after suffering a breach of its own.
In the past, Norwegian authorities have pinned the blame for these sorts of attacks on foreign agents: Chinese hacking groups and Russian military hacking units in particular. If the U.S.’s own embarrassing track record with cybersecurity has shown us anything, it’s that these sorts of actors don’t always rely on sophisticated state-sponsored know-how to breach these systems — low-level exploits can be just as damaging. While Amedia is still scrambling to figure out who — and what — took down their systems, the debacle should be a wake-up call for all of us to take our security seriously.