The company announced the data attack on Tuesday. The entire property register in Norway is affected.
– We take it very seriously because it is such a large scope, says director Leif Arne Brandsæter in Norkart to NRK.
The company itself states that personal data is going astray. This is information such as name, address and birth number. This does not apply to people at hidden addresses or sheltered buildings.
– How many may be affected?
– We do not know exactly. But that’s all which are listed as owners or previous owners or occupiers of property in Norway. Then it can be up to 3.3 million, he says CEO Leif Arne Brandsæter in Norkart to NRK.
He says an intensive police investigation is underway.
What is special about this case is that there is information about name, address and birth number in the same database, says Brandsæter.
– We do not know if this information has been misused or attempted misuse. We also do not know who is behind the data breach, he adds.
Brandsæter asks people to take extra care now.
– What we want now is that everyone who is the owner or partygoer is extra vigilant when it comes to attempted fraud. A good piece of advice is to block yourself from checking credit information and follow what is happening in your mailbox.
He says it is important to check if, for example, you receive a letter that you have bought something or other. But he thinks it is unlikely to happen.
Reported to the police
In a press release writes Norkart that the attack was uncovered on 5 May. The search service was immediately closed, and the vulnerability was fixed the same day.
The data attack has been reported to the police and the Norwegian Data Protection Authority.
The Oslo Police District is investigating the case.
– Unknown players exploited a vulnerability in a search service that retrieves copy data from Norway’s official property register. Information was downloaded from the search service by unauthorized persons. The vulnerability was due to an error in the configuration of the firewall for the search service, which gave unauthorized access to the service, writes Norkart.
The Data Inspectorate warns against ID theft
The Data Inspectorate says it is not in itself sensitive personal information. But there are many affected.
– It appears that the attack has downloaded the personal data. The Data Inspectorate will take a closer look at what has happened and why it has happened. When the case has been processed, it will be possible to say more about the severity of the case, says Janne Stang Dahl, acting director of the Norwegian Data Protection Authority.
– Can the information be misused?
– Yes, when the information is compiled, there can always be a risk of misuse such as ID theft. So it is always wise to be aware if you see any strange movements, she says.