Breach cyber

NordVPN

Jan 15, 2025 1 min read
NordVPN

In October 2024, NordVPN received a warrant from the Panamanian government to provide user data as part of a criminal investigation. NordVPN only disclosed payment-related information and confirmed the presence of an account associated with the provided email address, due to its no-logs policy. The incident highlights potential vulnerabilities in data privacy, despite strong security measures and the company's commitment to user privacy.

Source: https://www.wired.com/story/best-vpn/

TPRM report: https://scoringcyber.rankiteo.com/company/nord-vpn

"id": "nor000011525",
"linkid": "nord-vpn",
"type": "Breach",
"date": "1/2025",
"severity": "60",
"impact": "2",
"explanation": "Attack limited on finance or reputation"
{'affected_entities': [{'industry': 'VPN Services',
                        'location': 'Panama',
                        'name': 'NordVPN',
                        'type': 'Company'}],
 'data_breach': {'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Payment-related information',
                                              'Account presence confirmation']},
 'date_detected': 'October 2024',
 'description': 'In October 2024, NordVPN received a warrant from the '
                'Panamanian government to provide user data as part of a '
                'criminal investigation. NordVPN only disclosed '
                'payment-related information and confirmed the presence of an '
                'account associated with the provided email address, due to '
                'its no-logs policy. The incident highlights potential '
                'vulnerabilities in data privacy, despite strong security '
                "measures and the company's commitment to user privacy.",
 'impact': {'data_compromised': ['Payment-related information',
                                 'Account presence confirmation'],
            'payment_information_risk': 'High'},
 'lessons_learned': 'Potential vulnerabilities in data privacy, despite strong '
                    "security measures and the company's commitment to user "
                    'privacy.',
 'motivation': 'Criminal Investigation',
 'post_incident_analysis': {'root_causes': 'Data privacy policy limitations'},
 'threat_actor': 'Panamanian Government',
 'title': 'NordVPN Data Disclosure Incident',
 'type': 'Data Disclosure',
 'vulnerability_exploited': 'Data Privacy Policy'}
Published by
Jeremy C
Jeremy C
You might also like
Breach cyber

Helsinki

public 1 min read
A data breach affecting Helsinki, Finland’s capital and largest employer, exposed sensitive personal data of over 300,000 people.…
Jeremy C Jeremy C
Breach cyber

Nucor

public 1 min read
Nucor, North America's largest steel producer and recycler, experienced a cybersecurity incident that resulted in the theft of…
Jeremy C Jeremy C
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.