27 February 2024: Over the past days, Danish media have reported stories about a theft of source code involving Netcompany Denmark.
We can confirm one single incident involving a simple theft of Netcompany Denmark source code and user manuals.
We can refute that the incident is a ransomware attack.
The data theft has not affected Netcompany or our customers’ operations and services.
We know how the theft has occurred, the extent of the theft, and that the theft resides around source code and user manuals for Netcompany tools.
Since the simple theft was discovered, we have worked in close collaboration with authorities and have implemented additional mitigating actions to ensure a continued high level of security in our production systems landscape.
We have taken necessary precautions that ensure the stolen files cannot be used to gain unauthorized access to any system.
In Denmark, Netcompany runs several government core systems, however, the stolen files cannot be used to gain unauthorised access or compromise these systems in any way. Nor can the stolen files be used to gain unauthorised access to production systems.
The stolen files that have subsequently been leaked originate from the same incident of data theft of Netcompany source code for Netcompany tools and user manuals.
There have been media reports about passwords in the stolen files that can be used to gain access to Netcompany and our customers’ systems and that “…the password Netcompany123 would grant access to most of the system environment”. That is not true. “Netcompany123” is not an actual password but an easily recognizable placeholder that is replaced by a strong security profile password when the source code is released into production hence there is no access to any running systems.
There are no indications whatsoever that the event of the simple theft is part of a supply chain attack.
We take this matter very seriously. We are in close contact with the Danish customers mentioned in the stolen data and cooperating with the authorities.