WAYSCloud has published a transparency report detailing a high-severity alert that was ultimately confirmed to be a false positive.
The alert originated from test data that had been inserted into a production system during development of a monitoring service. One of the entries included a real external IP address, which caused the alert to appear as a confirmed match and triggered external attention.
No real activity or data involved
A full investigation across storage systems, logs and monitoring data confirmed that no files, uploads or user activity were associated with the alert.
No illegal material was stored, processed or distributed, and no third party was contacted or affected.
Investigation and response
WAYSCloud initiated immediate internal investigation procedures and established direct dialogue with relevant Norwegian authorities to clarify the situation.
The Norwegian Data Protection Authority was notified, and the case was formally reviewed and closed without being classified as a breach of personal data security.
“We treated this as a real incident from the first signal. That is how it should be handled — and how trust is built.”
— Knut Michael Haugland, CEO, WAYSCloud
Measures implemented
Following the investigation, WAYSCloud implemented several changes to prevent similar scenarios:
Clear separation between testing and production environments
Explicit marking and lifecycle control for test data
Use of reserved network ranges for all simulated data
Additional validation of automated alert signals
Transparency in practice
This case reflects how complex systems behave in practice — including scenarios where signals appear critical but do not correspond to real events.
The full report, including technical details and timeline, is available in the Trust Center.