Customers of OP-Pohjola experienced problems in, for example, using their payment cards on New Year's Eve due to a denial of service attack. A denial of service (DoS) attack rendered the banking services of OP-Pohjola Group unavailable on New Year's Eve. Customers of the financial services provider on Wednesday experienced problems withdrawing money, using their payment cards and accessing online banking services.

The National Bureau of Investigation (KRP) has opened an investigation into the DoS attack following a criminal complaint.

Carina Geber-Teir, the chief communications officer at OP-Pohjola, says that the motive for the attack remains unclear. “It's absolutely impossible to speculate on [the motive],” she stated to Helsingin Sanomat.

The fact that KRP is looking into the attack may, however, imply that the attack was motivated by more than pure malice.

Geber-Teir refused to comment on whether the attackers may have made their demands known or tried to extort OP-Pohjola. “I can't comment on that in more detail. The investigation is being carried out by the police, and such questions should be directed to the authorities,” she said.

Helsingin Sanomat was on Thursday unable to reach a spokesperson at KRP for a comment on the investigation.

Geber-Teir also said that the financial services provider has resorted to no extraordinary measures in the wake of the attack but will continue its usual efforts to prevent further attacks. “It's now absolutely vital to rectify the problem and make the services available to customers.”

Customers of OP-Pohjola have no reason to fear for their savings because a DoS attack only prevents the use of the services targeted.

The savings and private details of customers were never at risk, stressed Mikael Salonaho, the head of risk management at Tieto, which is responsible for maintaining the data communications of OP-Pohjola. Sami Orasaari, a data security expert at the National Cyber Security Centre, similarly underlined that customers have no reason to fear the loss of their savings of the misuse of their bank details.

A DoS attack slows or suspends the performance of a network by generating massive amounts of fake access requests. “The road to the bank is sort of congested to ensure no one gets in,” described Orasaari.

The attack against OP-Pohjola was nevertheless unusual.

The identity of the attacker remains unknown although both Tieto and KRP are looking into it. “Let's see whether or not we can find it out,” said Salonaho.

Although the attack did complicate the New Year's Eve celebrations of many OP-Pohjola customers, they will not be automatically entitled to a reimbursement. “If any harm can be shown to have resulted, we urge customers to contact their local bank to clarify the issue,” said Geber-Teir.

Disruptions in the banking services of OP-Pohjola have reportedly continued on Friday.

Jukka Hiiro, Teppo Moisio – HS
Aleksi Teivainen – HT
Photo: Antti Aimo-Koivisto / Lehtikuva