Helsinki’s data breach crisis caused by unpatched remote access server

Helsinki’s education division uncovered a significant data breach in late April 2024, affecting tens of thousands of students, guardians, and staff members. The breach was made public on May 2, 2024. Hackers gained unauthorized access to a network drive by exploiting a known vulnerability in a remote access server. Shockingly, a security patch for this flaw was available but had not been installed, leaving the system vulnerable.

The accessed drive contained millions of files, with some containing sensitive personal information such as usernames, email addresses, personal IDs, physical addresses, fee details, childhood education records, welfare requests, and medical certificates.

City manager Jukka-Pekka Ujula emphasized the severity of the breach, expressing regret over the potential consequences for affected individuals. With over 80,000 students and their guardians potentially impacted, along with all city personnel, the breach poses significant risks.

Helsinki authorities have initiated an investigation into the breach, notifying relevant authorities such as the Data Protection Ombudsman, the Police, and Traficom’s National Cyber Security Centre. Victims are urged to remain vigilant for suspicious activity and report any concerns while the investigation continues.

Want to read more? Click Here!

Previous Post

Google Cloud provisioning misconfiguration leads to UniSuper’s business disruption for a week

Related Posts