The data breach has cost a lot of money, but we haven’t finished cleaning up yet. There will likely be additional costs throughout the year, says County Director Evin Jarl Ediassen for Finance and Regulation in Nordland County Municipality.
A large amount
Right before Christmas Last year, the Nordland County municipality suffered a massive data breach, which led to the complete shutdown of the computer systems in the county municipalities for a long time. The staff had been without the Internet for several weeks, and the personal information of about 18,000 people may have been recovered in the burglary. The county municipality calculated that the data breach as of April had caused the county municipality NOK 6.7 million in actual costs, among other things, in overtime, purchasing assistance and equipment for sequelae detection, and restoring computer systems.
Indirect costs have not yet been determined, but these costs may prove to be as high as direct costs.
– When we discover the burglary we shut down our systems immediately. Our 3000 employees lost access to networks and systems for several weeks, and this has cost a lot in the form of service production loss. We’re working on these costs, says Ediassen.
The county municipality still does not know which actors were behind the data breach. There should have been no contact between the county municipality and the attackers, and the county municipality previously stated that the attackers did not leave a ransom claim.
The county municipality has a good picture of the course of events, but they currently want to keep details about this to themselves.
– For the sake of an ongoing investigation, we can’t go into detail about how the burglary happened, but we have a clear idea of how it happened, says Ediassen.
The case is still under investigation, and police in Nordland can report that there is evidence in the case that the attack was coming from abroad.
There are traces that point to servers located in other countries, and we have made legal requests for assistance to authorities in countries where we believe there may be information that needs to be secured, says police attorney Torbjorn Sandbo in the Nordland Police District.
According to the police, there are many indications that the attack has stopped, and therefore it is difficult to determine whether the attack was ransomware. The police also have no specific suspects in the case.
There may be information on several different servers around the world, and we are now waiting for a response to requests we’ve sent to different authorities so we can move forward, Sandbo says.
At a press conference in January, the county council informed that the personal information of a total of 18,000 people could be lost after the data breach. This includes about 8,000 students, about 3,200 employees, 2,800 interns, 420 students in vocational schools and up to 800 participants in the online school in Nordland, all elected representatives on the county council and some retirees. The leaked information may be about your full birth number, name, county municipality username, phone number, and email addresses.
The data breach gave the county municipality useful experience about the importance of enhancing its data security.
– We have enhanced security, and improved monitoring of Internet traffic. The experience the attack gave us, Ediassen says, is that we rely heavily on our ICT architecture to ensure services are delivered to the population.
He notes that the prefectural council quickly detected the attack, which helped reduce the damage.
We had a safety net that led us to detect intruders on their way into the system, and we responded by shutting down the system immediately. This resulted in all employees losing access to the network over a longer period, but it may have reduced the extent of the damage caused by the attack, Ediassen says.
This article was prepared in collaboration between Dagbladet and Kommunal Rapport.
“Web specialist. Lifelong zombie maven. Coffee ninja. Hipster-friendly analyst.”