Amedia, one of the largest media companies in Norway, was hit by a “serious” cyber attack and was forced to shut down its computer systems.
The company is whole or partial owner of 50 local and regional newspaper with online newspapers and printing presses, and its own news agency, Avisenes Nyhetsbyrå. The corporation also owns and operates a group of printing plants under the brand name Prime Print in Russia.
The attack took place in the night between December 27 and December 28, and hit systems administered by Amedia Teknologi, the IT company of the group.
The attack blocked the presses and it was not possible to print Wednesday’s edition of physical newspapers. The cyberattack also impacted the company’s advertising and subscription systems.
“On the night of Tuesday 28 December, several of Amedia’s central computer systems were shut down. The production of online newspapers is going as normal, but no paper newspapers will be published on Wednesday. This is because systems for publishing paper newspapers, advertisements and subscription management do not work as normal.” reads the statement published by the company.
Amedia states that all available resources are now working to solve the problems and uncover the extent of the cyber attack while it is working on restoring operations. The media company informed the local authorities.
At this time it is not clear if the company was hit by a ransomware attack or if threat actors have stolen the personal information of subscribers and employees.
The impacted subscription systems contained user data, including names and addresses, phone numbers, and subscription forms, and history, this means that it is reasonable to assume that data might have been exposed and in this case, the company will notify impacted individuals. The cyberattack did not impact financial information.
“The subscription system that has been attacked contains the name, address, telephone number and subscription form and history of the subscribers. Other data such as aID password, read history and information about bank cards etc are not affected.” concludes the statement. “Amedia now works on the basis that customer data can be compromised. If personal information has gone astray, those affected will be informed as soon as possible. This will apply to both customers and employees. In such a case, the Data Inspectorate will be notified of what has happened and how we work with mitigating measures, Nedregotten continues.”
(SecurityAffairs – hacking, Amedia)