Excerpt from BleepingComputer Article, Published on May 13, 2024
Helsinki, Finland The City of Helsinki is grappling with a significant data breach within its education division, discovered in late April 2024, affecting tens of thousands of students, guardians, and staff members.
In a press conference held today, city officials provided further insights into the breach. According to their disclosure, an unauthorized actor exploited a vulnerability in a remote access server to gain entry to a network drive. Although a security patch was available at the time, it had not been installed.
The breached drive contained millions of files, primarily devoid of personally identifiable information (PII). However, some files included sensitive data such as usernames, email addresses, personal IDs, and physical addresses. Additionally, the exposed data encompassed details on fees, childhood education, welfare requests, and medical certificates, intensifying the gravity of the breach. City manager Jukka-Pekka Ujula expressed deep regret over the incident, acknowledging its potential adverse impact on customers and personnel. With over 80,000 students and their guardians possibly affected, along all personnel whose usernames and email addresses were compromised, the breach casts a wide shadow over Helsinki’s administrative landscape.
Given the extensive scope of the compromised data, authorities anticipate a protracted investigation into the breach’s ramifications. The City of Helsinki has promptly notified relevant authorities, including the Data Protection Ombudsman, the Police, and Traficom’s National Cyber Security Centre. As investigations unfold, affected individuals have been urged to remain vigilant and report any suspicious communications to designated channels provided by the city. So far, no ransomware groups have claimed responsibility for the breach, leaving the perpetrators shrouded in mystery.
As Helsinki grapples with the aftermath of this breach, questions loom over the efficacy of cybersecurity measures and the urgent need for timely patching to mitigate future vulnerabilities.
To delve deeper into this topic, please read the full article on BleepingComputer.