Cyber Incident Victim: OP Financial Group

OP Pohjola Group experienced a distributed denial-of-service (DDoS) attack beginning on New Year's Eve 2014, disrupting its digital services and ATM operations. The attack flooded the bank's data communication systems, preventing customers from accessing online banking services and withdrawing cash from ATMs. Some card payment transactions also encountered difficulties during the disruption. OP detected the attack at approximately 16:30 local time on December 31, with services intermittently resuming functionality before being fully restored after midnight. The bank implemented heightened security measures for its data traffic while continuing corrective actions, cautioning that further disruptions remained possible despite service restoration. International customers particularly experienced persistent login difficulties to online services during the recovery phase.

The incident remained active through January 5, 2015, though the attack was believed to have ceased by that date. OP publicly confirmed the DDoS attack's role in the disruptions through an official statement, emphasizing ongoing mitigation efforts. This attack occurred alongside similar disruptions affecting other financial institutions, including Nordea Bank's Finnish operations and Denmark's Danske Bank, with Nordea confirming a DDoS incident and involving law enforcement in its investigation. The broader context included increased DDoS activity during this period, exemplified by hacking group Lizard Squad's release of an inexpensive DDoS tool prior to these incidents, though no direct attribution to any specific group was made regarding OP's attack. The bank's response focused on restoring services while maintaining elevated security protocols to address potential follow-on attacks.