Emerging Threats

A popular VPN service provider announces data breach - What you should know

NordVPN confirmed a data breach occurred in March 2018 at a datacenter where the company routed some of its customers’ internet traffic.

NordVPN provides virtual private networks, which encrypt and reroute its customers’ internet activity. VPNs are designed to help keep data you send and receive online private and secure.

Here are details about the NordVPN data breach you should know.

  • Where did the data breach happen? A Finnish datacenter from which NordVPN was renting servers was accessed without authorisation in early 2018.
  • When was the data breach announced? NordVPN acknowledged the breach on October 21, 2019.
  • How did the data breach occur? The cyberattacker gained access to the server by exploiting a vulnerable remote management system of the server provider.
  • Were user credentials accessed? No usernames or passwords were intercepted.
  • Were user activity logs accessed? The server did not contain user activity logs.

NordVPN published a blog post about the data breach. The company detailed steps it has taken since the breach, including terminating its contract with the server provider.

NordVPN said it’s unlikely any user data was compromised.

I use a VPN — should I be concerned about online privacy and security?

If you use a VPN or are considering getting one, you’re probably thinking about online privacy and security. A lot of companies offer a VPN service. That includes Norton LifeLock with Norton Secure VPN.

Here are some questions to consider when choosing a VPN provider.

  • Does the VPN provider respect your online privacy? VPN providers should have a no-log policy. That means they don’t track your online activity.
  • What protocol do they run? OpenVPN — an open-source software that supports all of the major operating systems — is considered strong security.
  • Where are servers located? You might want to access the web from a certain area. If so, make sure your VPN provider has a server in that area.
  • Are there data limits? Check to see if a potential VPN service provides unlimited bandwidth and no data limits.
  • What is the cost? Some VPN services are free, but they may support their business in other ways such as tracking and selling browsing history to third parties for marketing purposes. You might prefer a paid option.


In today’s connected world, you need more than just antivirus to protect your devices and online privacy . Find out how Norton 360 includes Device Security, A VPN, Password Manager and more, all in a single solution.