Nordnet's app was shut down on Tuesday, as it was discovered that customers could see other people's share and fund holdings. Unauthorized individuals could also trade on someone else's account, but not withdraw money.
About 1,500 people were affected by the IT problems, of which around 200 were in Sweden, 500 in Finland, 500 in Denmark, and 350 in Norway. There are a total of 2 million customers in the Nordic region. Two unauthorized transactions have been identified, one in Finland and one in Sweden.
There is also another order that has been placed, but it has not been executed, says Johan Tidestad, communications manager at Nordnet.
Transactions restored
All affected customers have been contacted and the transactions have been restored. Nordnet has been able to identify who made the transactions, but it is not relevant to report it to the police.
The picture we have is that it happened by mistake, says Tidestad.
The cause has no external influence, but is related to a software component linked to logging in to Nordnet's services.
This led to a smaller proportion of customers who logged in gaining access to incorrect information.
Mikael Bak, director of the Danish Shareholders' Association, writes in an email to TT:
"We have noted that it is not a matter of hackers, but an internal error. At first glance, it is positive, but one cannot help but think about how secure the systems are when it comes to external attacks."
According to Tidestad, customer security is Nordnet's top priority.
We work very preventively to prevent external attacks as well, so cybersecurity is a very high-priority area for us.
Measures taken
Nordnet has identified and taken measures to ensure that the current error does not occur again. According to Tidestad, it is not due to a structural problem.
Bak sees it as an opportunity to think about security in the industry.
"This must be a wake-up call, not just to Nordnet, but to the entire sector, that security must always come first. And it shows that private investors should not blindly trust the system, but also be vigilant and remember to check their accounts from time to time", he writes.
