The Day Everything Was Gone: CloudNordic and the Illusion of Safety

Most breaches unfold slowly. This one didn’t.

In August 2023, Danish hosting provider CloudNordic announced that it had lost all customer data. Websites, emails, databases, backups — gone. Attackers had breached their environment, encrypted production systems, and then wiped the backups as well. CloudNordic’s founders did something rare and honest: they told customers publicly that the data would not come back (TechCrunch, 2023; TechTarget, 2023; Cybernews, 2023).

For many small and medium-sized businesses, this meant their entire digital existence disappeared overnight.

What makes the CloudNordic incident so unsettling is not that it involved exotic malware or an unheard-of technique. It didn’t. What makes it unsettling is how complete the collapse was once attackers were able to act as trusted users inside the environment (TechCrunch, 2023; Cybernews, 2023).

Once that line is crossed, things move very fast.

When attackers become “internal”

Post-incident analysis focused on infrastructure topics: network segmentation, isolation between systems, and backup design. Those discussions are important. But they sometimes distract us from the deeper pattern that shows up again and again in modern attacks.

Once attackers can authenticate, escalate, and operate with legitimate-looking access, technical safeguards fall like dominoes.

ENISA’s Threat Landscape Report has been warning for years about the rise of destructive ransomware — attacks that are not primarily about ransom, but about maximum damage (ENISA, 2023). CrowdStrike’s European threat analysis shows how identity-based access is now the fastest way to that outcome (CrowdStrike, 2025).

Secure Your Reputation with Trust Circle

Email-centric trust has reached its limit, one compromise can unravel a firm’s entire reputation. Trust Circle replaces insecure inboxes with identity-anchored workflows and biometric security.

 

Join the Waiting List

CloudNordic wasn’t uniquely careless. They were exposed to the same reality many organisations live with: environments where trust is implicit, access spreads over time, and “internal” often just means “has credentials”.

The quiet role of email-based trust

What’s often missed in these discussions is how email-centric workflows amplify the impact after an initial breach.

Email is how access is requested.
Email is how exceptions are handled.
Email is how “quick fixes” propagate.

When attackers gain a foothold, email becomes a force multiplier. It allows impersonation, lateral movement, and social engineering to scale inside organisations that still rely on inboxes as their client portal, their onboarding system, and their approval workflow (CrowdStrike, 2024).

We don’t know exactly where CloudNordic’s initial vulnerability was. That’s not the point. The uncomfortable truth is this: once attackers operate inside a trust model built on accounts, shared access, and email-based coordination, containment becomes brutally difficult.

Identity collapse amplifies damage.

Empathy, not blame

I have deep empathy for the founders, engineers, and customers caught in this incident. No one builds a company expecting to one day tell their users that everything is gone. I know how many trade-offs are made over years — speed versus structure, cost versus resilience — and how easy it is to believe that what worked yesterday will keep working tomorrow.

Many of us rely on the idea that backups, providers, or “someone else’s infrastructure” will save us if the worst happens. CloudNordic showed how fragile that assumption can be (Cybernews, 2023).

Why we are building Trust Circle

We are launching Trust Circle at ZealiD because stories like this keep repeating — across professional services such as legal, finance, HR, advisory, and beyond.

Trust Circle doesn’t try to replace your entire infrastructure. That’s unrealistic. Instead, it isolates what matters most: high-value documents, sensitive workflows, and critical approvals. Inside a Trust Circle, access is anchored to verified digital identities, not just email addresses and passwords. Documents don’t move around inboxes. They live inside identity-bound workspaces.

Secure Your Reputation with Trust Circle

Email-centric trust has reached its limit, one compromise can unravel a firm’s entire reputation. Trust Circle replaces insecure inboxes with identity-anchored workflows and biometric security.

 

Join the Waiting List

If attackers breach part of your environment, they still cannot simply impersonate their way into your most sensitive work. They cannot escalate trust by forwarding emails or abusing shared access. The blast radius is reduced — not because everything is perfect, but because identity is enforced where it matters most.

A quieter question worth asking

If the CloudNordic story makes you uneasy, you’re not alone. Many organisations I speak to feel the same discomfort, even if they can’t quite articulate why.

A simple question is often enough to start: Which of our most important workflows would we truly be comfortable losing access to — even temporarily?

If the honest answer is “none”, then they probably deserve stronger protection than email can offer.

If you want to explore what that looks like in practice, you’re welcome to join the Trust Circle waiting list or request access to the beta. Start with one workflow. One relationship. One Circle. That’s usually enough to see the difference.

Sources (further reading):

• TechCrunch — Danish cloud host says customers ‘lost all data’ after ransomware attack

• TechTarget — CloudNordic loses most customer data after ransomware attack

• Cybernews — Ransomware encryption devastates CloudNordic, customer data lost

• ENISA — Threat Landscape 2024

• CrowdStrike — CrowdStrike 2024 Global Threat Report

• CrowdStrike — 2023 Threat Hunting Report