May 13, 2024 at 11:26AM
The City of Helsinki is investigating a serious data breach affecting tens of thousands of students, guardians, and personnel. An unauthorized actor gained access to a network drive containing sensitive information, including personally identifiable data. The breach impacts over 80,000 students and their guardians, and all city personnel. Authorities have been notified, and impacted individuals are advised to report any suspicious communications.
Based on the meeting notes, here are the key takeaways:
– The City of Helsinki is currently investigating a data breach within its education division, impacting tens of thousands of students, guardians, and personnel.
– The breach was discovered in late April 2024, and more details were shared in a press conference held earlier today.
– An unauthorized actor gained access to a network drive by exploiting a vulnerability in a remote access server; a security patch for the vulnerability was available but had not been installed.
– The accessed drive contained tens of millions of files, some of which included personally identifiable information (PII) such as usernames, email addresses, personal IDs, and physical addresses, as well as highly sensitive information like fees, childhood education and care, children’s status, welfare requests, and medical certificates.
– In the worst case, over 80,000 students and their guardians could be affected by the breach, along with all city personnel as the perpetrator gained access to all personnel usernames and email addresses.
– The investigation to determine the extent of the compromised data is expected to take some time.
– The City of Helsinki has notified relevant authorities, including the Data Protection Ombudsman, the Police, and Traficom’s National Cyber Security Centre. Impacted individuals are advised to report any suspicious communications and follow guidance provided by Traficom.
– At present, no ransomware groups have claimed responsibility for the attack, and the perpetrators remain unknown.
Let me know if you need further details or if there’s anything else I can assist you with.