A Norwegian software company discovered one of its servers had been compromised and used for bitcoin mining over an extended period. The security breach affected a database containing 17,000 records with user information including names, email addresses, and company details.
The incident involved Visma Software Nordic, a subsidiary of Norwegian technology firm Visma. The compromised server hosted data for Oppslag Juridisk, a legal reference service the company provides to business clients. Company officials confirmed the breach in a notification to Norwegian data protection authorities.
Communications director Lage Bøhren stated that investigations revealed the intrusion began in early 2021 and continued for approximately eighteen months until August 2022. The breach went undetected until routine security analysis uncovered the mining activity in July of this year.
Visma immediately isolated and secured the affected server upon discovery. The company later determined the database contained personal information and notified the Data Protection Authority in early August.
The database records included login credentials and contact information but no sensitive personal data or payroll system connections. Bøhren emphasized the information was not linked to customer data or salary systems, containing primarily names, emails, company names, and billing addresses.
Technical investigation found no evidence that personal data was extracted from the system, though officials acknowledged they cannot completely rule out this possibility. The 17,000 records included test data and duplicates, meaning fewer individuals were likely affected than the total record count suggests.
Visma has chosen not to report the incident to police, citing internal guidelines that typically require reporting criminal activity. Company representatives explained the mining activity was discovered so long after it occurred that police reporting seemed impractical.
Affected individuals have not been notified because Visma assessed the breach posed low risk to them. The company continues evaluating the scope and consequences of the security incident.
This case highlights ongoing cybersecurity challenges facing Nordic technology firms. Norway's data protection regulations require companies to report breaches involving personal information, but enforcement decisions often depend on risk assessments conducted by the companies themselves.
Visma has since reviewed similar server environments to identify potential vulnerabilities. The company confirmed no further security measures were needed after isolating and shutting down the compromised system.
The incident raises questions about detection capabilities for cryptocurrency mining operations, which can operate stealthily for extended periods. Bitcoin mining consumes substantial computational resources and electricity, making unauthorized use of company servers an attractive option for cybercriminals.
Norwegian data protection authorities now have the case under review. The agency can choose to investigate further or accept the company's handling of the situation based on their initial assessment of the breach's severity.