NordVPN
Company Details
Linkedin ID:
nord-vpn
Website:
Employees number:
98
Number of followers:
17,953
NAICS:
541514
Industry Type:
Homepage:
nordvpn.com
IP Addresses:
0
Company ID:
NOR_6734650
Scan Status:
In-progress
NordVPN Company CyberSecurity Posture
nordvpn.com
Ensure your privacy online — NordVPN protects you from any third-party snoopers, including your ISP or advertisers. Secure your traffic and connect to public Wi-Fi hotspots without worrying about hackers stealing your data. Surf the net without restrictions — connect to any of our 5600+ servers available in 60 countries.
NordVPN A.I CyberSecurity Scoring
NordVPN Risk Score (AI oriented)Between 650 and 699
NordVPN
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
NordVPN Global Score (TPRM)XXXX
NordVPN
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
NordVPN Company CyberSecurity News & History
Past Incidents
3
Attack Types
2
NordVPN
Breach
Rankiteo Explanation
Attack without any consequences
Description: One of the most well-known VPN service providers, NordVPN, stated that the Finnish data centre provider, where the server was housed, was to blame for the security breach. NordVPN was not aware that the provider of the data centre employed an unsecure remote administration method. According to NordVPN, the stolen TLS key was no longer valid, making it impossible to decipher VPN communications. According to NordVPN and TorGuard, no user credentials were captured, and no servers outside from the one in question were accessed.
NordVPN
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: In October 2024, NordVPN received a warrant from the Panamanian government to provide user data as part of a criminal investigation. NordVPN only disclosed payment-related information and confirmed the presence of an account associated with the provided email address, due to its no-logs policy. The incident highlights potential vulnerabilities in data privacy, despite strong security measures and the company's commitment to user privacy.
NordVPN
Vulnerability
Rankiteo Explanation
Attack limited on finance or reputation
Description: NordVPN were exposed to vulnerabilities that could have allowed hackers to execute arbitrary code with administrator privileges on computers running Windows. The bugs, CVE-2018-395 were discovered by Cisco Talos security researchers which is similar to another security flaw discovered in March by security consulting firm VerSprite. NordVPN had released patches to fix the original vulnerability. It was still possible to execute code as an administrator albeit through a exploit. The initial vulnerability was due to OpenVPN being able to select a malicious file when choosing a VPN configuration. They use OpenVPN's open-source software to set up secure connections from one point to another. The vulnerability had already been fixed.
NordVPN Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for NordVPN
Incidents vs Computer and Network Security Industry Average (This Year)
No incidents recorded for NordVPN in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for NordVPN in 2025.
Incident Types NordVPN vs Computer and Network Security Industry Avg (This Year)
No incidents recorded for NordVPN in 2025.
Incident History — NordVPN (X = Date, Y = Severity)
NordVPN cyber incidents detection timeline including parent company and subsidiaries
NordVPN Company Subsidiaries
Ensure your privacy online — NordVPN protects you from any third-party snoopers, including your ISP or advertisers. Secure your traffic and connect to public Wi-Fi hotspots without worrying about hackers stealing your data. Surf the net without restrictions — connect to any of our 5600+ servers available in 60 countries.
Loading...
NordVPN Similar Companies
Palo Alto Networks, the global cybersecurity leader, is shaping the cloud-centric future with technology that is transforming the way people and organizations operate. Our mission is to be the cybersecurity partner of choice, protecting our digital way of life. We help address the world's greatest s
CrowdStrike
CrowdStrike (Nasdaq: CRWD), a global cybersecurity leader, has redefined modern security with the world’s most advanced cloud-native platform for protecting critical areas of enterprise risk — endpoints and cloud workloads, identity and data. Powered by the CrowdStrike Security Cloud and world-clas
NETWORK-SECURITY-SOLUTIONS
## Our core business We manage linux / unix server infrastructures and build the efficient and secure networking environments using hardware cutting edge technologies suited to the needs of the project and the client. We believe in quality, opposed to quantity. Our company consists of highly
.png)
NordVPN CyberSecurity News
November 30, 2025 06:40 AM
NordVPN Launches Their Black Friday 2025 Deals: Save Up to 77% on a premium VPN
Get the NordVPN Black Friday deals and get 3 extra months free on every plan — available for a limited time only.
November 28, 2025 02:20 PM
Best VPN Black Friday Deals 2025 The Biggest Savings on Proton VPN, NordVPN and Surfshark
Discover the top VPN Black Friday 2025 deals from NordVPN, Surfshark, and Proton VPN — with huge discounts, free months, and unbeatable...
November 28, 2025 10:45 AM
NordVPN Outperforms Rivals in 2025 WCL Report With 817Mbps and Zero Leaks
NordVPN earns top marks in 2025 West Coast Labs testing, showing industry-leading speed, leak protection, and performance across all...
November 27, 2025 04:48 PM
Getting a VPN this Black Friday? Make sure it has these 3 features
These days, the best VPNs don't just offer a secure connection: they're bundled with a growing list of cybersecurity features.
November 26, 2025 07:22 PM
Fake Shopping Sites Surge 250% Ahead of Black Friday, NordVPN claims
With companies releasing Black Friday weeks ahead of time, cybersecurity specialists are sounding the alarm over the rise in scamming...
November 26, 2025 01:00 PM
Cyber Advice Releases New Article on Black Friday Cybersecurity Deals Launching Early for 2025
New York, NY, Nov. 26, 2025 (GLOBE NEWSWIRE) -- Cyber Advice, a leading online resource dedicated to helping regular people with...
November 24, 2025 11:48 AM
NordVPN call protection now available for Android users in the UK and Canada
The feature extends digital security beyond internet browsing to combat scam callsNEW YORK, Nov. 24, 2025 (GLOBE NEWSWIRE) -- In July,...
November 19, 2025 08:00 AM
Aura vs NordProtect: Which One Takes the Lead in 2025?
Aura delivers full-spectrum security with built-in antivirus, while NordProtect focuses on cybersecurity and automated protection.
November 14, 2025 06:35 PM
Consumers’ Leaked Data is Revealed at NordVPN’s Live Hacking Event in NYC
NordVPN aimed to drive awareness with a live hacking stunt that educated consumers on just how vulnerable their personal information can be.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
NordVPN CyberSecurity History Information
Official Website of NordVPN
The official website of NordVPN is https://nordvpn.com.
NordVPN’s AI-Generated Cybersecurity Score
According to Rankiteo, NordVPN’s AI-generated cybersecurity score is 686, reflecting their Weak security posture.
How many security badges does NordVPN’ have ?
According to Rankiteo, NordVPN currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does NordVPN have SOC 2 Type 1 certification ?
According to Rankiteo, NordVPN is not certified under SOC 2 Type 1.
Does NordVPN have SOC 2 Type 2 certification ?
According to Rankiteo, NordVPN does not hold a SOC 2 Type 2 certification.
Does NordVPN comply with GDPR ?
According to Rankiteo, NordVPN is not listed as GDPR compliant.
Does NordVPN have PCI DSS certification ?
According to Rankiteo, NordVPN does not currently maintain PCI DSS compliance.
Does NordVPN comply with HIPAA ?
According to Rankiteo, NordVPN is not compliant with HIPAA regulations.
Does NordVPN have ISO 27001 certification ?
According to Rankiteo,NordVPN is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of NordVPN
NordVPN operates primarily in the Computer and Network Security industry.
Number of Employees at NordVPN
NordVPN employs approximately 98 people worldwide.
Subsidiaries Owned by NordVPN
NordVPN presently has no subsidiaries across any sectors.
NordVPN’s LinkedIn Followers
NordVPN’s official LinkedIn profile has approximately 17,953 followers.
NAICS Classification of NordVPN
NordVPN is classified under the NAICS code 541514, which corresponds to Others.
NordVPN’s Presence on Crunchbase
No, NordVPN does not have a profile on Crunchbase.
NordVPN’s Presence on LinkedIn
Yes, NordVPN maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/nord-vpn.
Cybersecurity Incidents Involving NordVPN
As of December 15, 2025, Rankiteo reports that NordVPN has experienced 3 cybersecurity incidents.
Number of Peer and Competitor Companies
NordVPN has an estimated 3,090 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at NordVPN ?
Incident Types: The types of cybersecurity incidents that have occurred include Vulnerability and Breach.
How does NordVPN detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an remediation measures with released patches to fix the vulnerability..
Incident Details
Can you provide details on each incident ?
Title: NordVPN Vulnerability Exploit
Description: NordVPN was exposed to vulnerabilities that could allow hackers to execute arbitrary code with administrator privileges on computers running Windows.
Type: Vulnerability Exploit
Attack Vector: Exploiting OpenVPN configuration
Vulnerability Exploited: CVE-2018-3952
Title: NordVPN Security Breach
Description: A security breach at NordVPN involved an unsecure remote administration method used by their Finnish data centre provider. A stolen TLS key was reported as expired and no user credentials were compromised.
Type: Security Breach
Attack Vector: Unsecure remote administration method
Vulnerability Exploited: Insecure remote administration access
Title: NordVPN Data Disclosure Incident
Description: In October 2024, NordVPN received a warrant from the Panamanian government to provide user data as part of a criminal investigation. NordVPN only disclosed payment-related information and confirmed the presence of an account associated with the provided email address, due to its no-logs policy. The incident highlights potential vulnerabilities in data privacy, despite strong security measures and the company's commitment to user privacy.
Date Detected: October 2024
Type: Data Disclosure
Vulnerability Exploited: Data Privacy Policy
Threat Actor: Panamanian Government
Motivation: Criminal Investigation
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through OpenVPN configuration and Unsecure remote administration method.
Impact of the Incidents
What was the impact of each incident ?
Incident : Vulnerability Exploit NOR024301022
Systems Affected: Windows computers
Incident : Security Breach NOR23117423
Systems Affected: One server in Finnish data centre
Incident : Data Disclosure NOR000011525
Data Compromised: Payment-related information, Account presence confirmation
Payment Information Risk: High
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Payment-Related Information, Account Presence Confirmation and .
Which entities were affected by each incident ?
Incident : Vulnerability Exploit NOR024301022
Entity Name: NordVPN
Entity Type: Company
Industry: Cybersecurity
Incident : Security Breach NOR23117423
Entity Name: NordVPN
Entity Type: VPN Service Provider
Industry: Cybersecurity
Incident : Data Disclosure NOR000011525
Entity Name: NordVPN
Entity Type: Company
Industry: VPN Services
Location: Panama
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Vulnerability Exploit NOR024301022
Remediation Measures: Released patches to fix the vulnerability
Data Breach Information
What type of data was compromised in each breach ?
Incident : Security Breach NOR23117423
Data Encryption: TLS key
Incident : Data Disclosure NOR000011525
Type of Data Compromised: Payment-related information, Account presence confirmation
Sensitivity of Data: High
What measures does the company take to prevent data exfiltration ?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Released patches to fix the vulnerability, .
Lessons Learned and Recommendations
What lessons were learned from each incident ?
Incident : Data Disclosure NOR000011525
Lessons Learned: Potential vulnerabilities in data privacy, despite strong security measures and the company's commitment to user privacy.
What are the key lessons learned from past incidents ?
Key Lessons Learned: The key lessons learned from past incidents are Potential vulnerabilities in data privacy, despite strong security measures and the company's commitment to user privacy.
References
Where can I find more information about each incident ?
Incident : Vulnerability Exploit NOR024301022
Source: Cisco Talos
Incident : Vulnerability Exploit NOR024301022
Source: VerSprite
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Cisco Talos, and Source: VerSprite.
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Vulnerability Exploit NOR024301022
Entry Point: OpenVPN configuration
Incident : Security Breach NOR23117423
Entry Point: Unsecure remote administration method
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Vulnerability Exploit NOR024301022
Root Causes: OpenVPN being able to select a malicious file when choosing a VPN configuration
Corrective Actions: Released patches to fix the vulnerability
Incident : Security Breach NOR23117423
Root Causes: Insecure remote administration access by data centre provider
Incident : Data Disclosure NOR000011525
Root Causes: Data privacy policy limitations
What corrective actions has the company taken based on post-incident analysis ?
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Released patches to fix the vulnerability.
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident was an Panamanian Government.
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on October 2024.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Payment-related information, Account presence confirmation and .
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident was One server in Finnish data centre.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Account presence confirmation and Payment-related information.
Lessons Learned and Recommendations
What was the most significant lesson learned from past incidents ?
Most Significant Lesson Learned: The most significant lesson learned from past incidents was Potential vulnerabilities in data privacy, despite strong security measures and the company's commitment to user privacy.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are Cisco Talos and VerSprite.
Initial Access Broker
What was the most recent entry point used by an initial access broker ?
Most Recent Entry Point: The most recent entry point used by an initial access broker were an Unsecure remote administration method and OpenVPN configuration.
Post-Incident Analysis
What was the most significant root cause identified in post-incident analysis ?
Most Significant Root Cause: The most significant root cause identified in post-incident analysis was OpenVPN being able to select a malicious file when choosing a VPN configuration, Insecure remote administration access by data centre provider, Data privacy policy limitations.
What was the most significant corrective action taken based on post-incident analysis ?
Most Significant Corrective Action: The most significant corrective action taken based on post-incident analysis was Released patches to fix the vulnerability.
.png)
Latest Global CVEs (Not Company-Specific)
Description
NXLog Agent before 6.11 can load a file specified by the OPENSSL_CONF environment variable.
Risk Information
cvss3
Base: 8.1
Severity: HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Description
uriparser through 0.9.9 allows unbounded recursion and stack consumption, as demonstrated by ParseMustBeSegmentNzNc with large input containing many commas.
Risk Information
cvss3
Base: 2.9
Severity: HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Description
A vulnerability was detected in Mayan EDMS up to 4.10.1. The affected element is an unknown function of the file /authentication/. The manipulation results in cross site scripting. The attack may be performed from remote. The exploit is now public and may be used. Upgrading to version 4.10.2 is sufficient to fix this issue. You should upgrade the affected component. The vendor confirms that this is "[f]ixed in version 4.10.2". Furthermore, that "[b]ackports for older versions in process and will be out as soon as their respective CI pipelines complete."
Risk Information
cvss2
Base: 5.0
Severity: LOW
AV:N/AC:L/Au:N/C:N/I:P/A:N
cvss3
Base: 4.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
MJML through 4.18.0 allows mj-include directory traversal to test file existence and (in the type="css" case) read files. NOTE: this issue exists because of an incomplete fix for CVE-2020-12827.
Risk Information
cvss3
Base: 4.5
Severity: HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:L
Description
A half-blind Server Side Request Forgery (SSRF) vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network (including link-local or loopback services).
Risk Information
cvss3
Base: 5.8
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=nord-vpn' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
