Cyber Incident Victim: Amedia
Date:
Dec 2021
Location:
Norway
Summary
Amedia, a major Norwegian media company, experienced a severe cyberattack that disrupted central computer systems, halting physical newspaper production and impairing advertising and subscription services. The incident compromised customer data including names, addresses, phone numbers, and subscription history, though financial details and passwords remained unaffected. The company initiated containment measures while assessing the full scope of damage. This attack occurred amid a cluster of Norwegian cyber incidents impacting a major food producer and a regional government entity, both of which preemptively shut down systems to mitigate operational disruptions.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 0 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On December 28, 2021, Amedia—Norway’s largest local news publisher—publicly disclosed a serious cyberattack that forced the shutdown of several central computer systems. The incident disrupted physical newspaper production, preventing the printing of Wednesday’s editions across its portfolio of over 90 publications serving 2.5 million readers. Technical infrastructure supporting advertising and subscription systems was also compromised, halting new ad purchases and blocking subscribers from ordering, modifying, or canceling subscriptions. The company’s executive vice president of technology, Pål Nedregotten, confirmed the operational paralysis in an official statement, noting that restoration efforts were underway but that full damage assessments remained incomplete. Immediate containment measures were implemented to limit further harm, though Amedia did not disclose technical specifics of these actions or the attack vector.
The compromised subscription system contained customer names, addresses, phone numbers, and subscription histories, raising concerns about potential data exposure. Amedia explicitly stated that passwords, readership histories, and financial data were unaffected. No ransomware claims or attacker identities were disclosed, and the company provided no updates on whether data exfiltration occurred. This incident coincided with two other major Norwegian cyberattacks reported that week: food producer Nortura’s December 21 IT system shutdown and Nordland County Municipality’s Christmas Eve breach, which disrupted schools and clinics. Amedia’s press release emphasized restoring operations but did not specify timelines, forensic partners, or law enforcement involvement. The attack’s duration, root cause, and full operational repercussions were not detailed in available statements.