The fraudsters have stolen the money with use of a Trojan horse, a programme that installs malicious software in the user’s computer. More than 250 customers have so far been hit, and 121 people are on the list of suspects, Computer Sweden reports.
Police say they are receiving reports of new attacks daily.
Nordea says it has known about the attacks for some time, but has chosen not to inform the public.
The bank has also been the subject of numerous so-called phishing attacks, in which customers have received emails falsely claiming to be from the bank. Customers were informed about these attacks in a major campaign by Nordea.
The first attack took place in September 2006, according to Computer Sweden. Police analysis showed that the virus is activated when customers enter their log-in details. The customer receives an error message and their details are sent to the fraudster, who then moves money to his own account.
Analysis of the affected customers’ computers has shown that the log in information is sent to servers in the United States, and then on to Russia. There, large amounts of money were taken from the accounts.
Police say that the bank has managed to prevent even larger sums being stolen, by cancelling transactions before they can be carried out.
Some 121 people have been identified as involved in the conspiracy, and two have been convicted. The masterminds have still not been identified, police say.
Nordea says that all customers who fall prey to the attacks will be compensated.
“Customers must never suffer loss due to things like this,” said spokesman Boo Ehlin.
The bank says it continuously reviews its security procedures, but is encouraging customers to review their virus protection.