Norway’s state data authority (Datatilsynet) has warned the Norwegian Parliament’s administration of a hefty fine, for failing to adequately secure its electronic communications systems. The authority claims the Parliament did not have “good enough technical measures” to ward off hackers.
The authorities pointed to a serious attack in 2020 that allowed hackers to download data including personal information and email from the accounts of Members of Parliament and other employees. The consequences can include misuse of identity, credit cards and even extortion.
Datatilsynet director Bjørn Erik Thon stated that if the Parliament had used a two-factor authorization system, “the chances for a successful attack would have been considerably lower.” His office has given the Parliament’s administration three weeks to respond to a fine of NOK 2 million.
Marianne Andreassen, the already hard-pressed director of a Parliament still reeling from a series of scandals last fall, admitted that IT security did not include adequate demands for password protection nor a two-factor authorization system, and that a “reaction” from the authorities was expected. She added that Parliament staff has learned a lot since and would respond to the data authorities.