Cyber Incident Victim: Jan Nygaard AS
Date:
Jan 2025
Location:
Denmark
Summary
Jan Nygaard AS experienced a cyberattack resulting in data theft, with unauthorized access compromising personal information including CPR numbers, contact details, driver's license and passport data, and salary documents for some customers and current or former employees. The breach led to partial publication of stolen data on Darknet, elevating risks of identity theft and financial fraud, particularly for individuals with confidential addresses. The incident was promptly contained and reported to relevant authorities, while external IT specialists assisted in impact assessment. The company notified affected parties and enhanced security protocols to mitigate future threats.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 3 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On January 5, 2025, Jan Nygaard AS discovered it had been subjected to a cyberattack resulting in unauthorized access and data theft. The attack was halted the same day it was initiated. External IT specialists were immediately engaged to investigate the breach's scope, which involved the theft of sensitive personal data. By January 6, 2025, the incident was reported to the Danish Data Protection Agency (Datatilsynet) and the Police. Analysis confirmed that compromised data included CPR numbers of current and former employees, as well as names, addresses, phone numbers, and email addresses of customers and employees. A smaller subset of customers who interacted with sales departments had additional data stolen, including driver’s licenses, passport details, and salary slips/tax statements. Workshop customers were assessed as unaffected.
The company initiated broad notifications to all current customers and employees for whom contact details were available, advising precautionary measures against identity theft per Sikkerdigital’s guidelines. Specific outreach to confirmed affected individuals was delayed pending further forensic analysis to refine the scope. Public communications via the company’s website and social media platforms were deployed to reach former customers and employees. The compromised data was confirmed to have been published on the darknet, elevating risks of identity theft, financial fraud, and exposure for individuals with confidential addresses. Jan Nygaard AS reinforced its security protocols, launched a comprehensive review of data protection practices, and established a dedicated contact channel ([email protected]) for inquiries. No attacker attribution, intrusion methods, or system vulnerabilities were disclosed in available communications.