Cyber Incident Victim: Nordea

On October 25, 2024, Nordea Bank experienced a significant cyberattack impacting its digital services across Sweden, Norway, Denmark, and Finland. Beginning in the evening, customers encountered widespread login failures in Nordea’s mobile app and website, receiving the error message “Något blev fel. Försök igen” (“Something went wrong. Try again”). The disruption was rapidly reported by users on Downdetector, reflecting a surge in accessibility issues. Nordea’s Norwegian press chief Cathrine Graff initially acknowledged technical difficulties, confirming teams were working urgently to identify the cause. Within hours, Graff attributed the outage to a distributed denial-of-service (DDoS) attack, explicitly stating the incident was a deliberate attempt to overwhelm Nordea’s systems and render them inaccessible to legitimate users. The attack specifically targeted the bank’s public-facing platforms, crippling core customer access points during evening hours.

This incident marked an escalation in a series of recent overload attacks against Nordea, which had intensified over the preceding month and caused persistent degradation of digital services, including slower transaction processing. CEO Frank Vang-Jensen had publicly addressed the growing threat weeks earlier during the bank’s earnings reporting period, emphasizing the attacks’ increasing scale and sophistication. He noted the operations were not attributable to “a single actor in a basement,” implying coordinated or resource-backed adversaries. Nordea’s technical teams mitigated the October 25 attack by 21:30 local time, restoring full functionality to the app and website. The bank did not disclose specific mitigation measures but confirmed the attack’s resolution within approximately three hours of widespread customer impact. No data breaches or financial losses were reported in connection with the DDoS incident.