Data breaches | Security expert: The City of Helsinki data breach is unfortunately typical

Helsinki the data breach that targeted the city is unfortunately typical, says the research director of the information security company Withsecure Mikko Hyppönen.

“Data breaches of this type occur almost everywhere in the world, so it is not surprising in itself that they happen from time to time in Finland as well,” Hyppönen says.

The City of Helsinki said on Monday at his briefingthat in the data breach observed on May Day Eve, the perpetrator obtained, among other things, the usernames and email addresses of all the city’s employees, as well as the personal IDs and address information of the learners, guardians and personnel of the education and training industry.

A data breach made possible by a vulnerability in the city’s servers, which was due to the fact that the servers had not been updated.

Such an “entry route” is a common way to break into organizations, Hyppönen says. According to him, fixing such a security hole is easier said than done in an organization the size of Helsinki.

“In practice, implementing something like this is much more difficult, and here it was once again seen. Trying to update everything is different from actually updating the servers,” Hyppönen says.

By this, Hyppönen means that, for example, Helsinki’s schools and health care form extensive and complex systems.

“It is easy to understand that it [ympäristön] keeping it fully updated is quite a challenge. It’s difficult and expensive,” he says.

“Unfortunately, often the amount needed to protect resources is only obtained after something unpleasant happens.”

Jumping according to it is possible that the city of Helsinki was attacked by chance.

“The entire internet is scanned in a couple of hours, which makes it possible to find vulnerable systems everywhere. The attacker may not have even been terribly aware of what the system is, what he has gotten into,” Hyppönen says.

More detailed information about the perpetrator of the data breach has not yet been disclosed, but according to Hyppönen, it is most obviously not a so-called ransom trojan. In this case, the stolen data would usually be encrypted and the perpetrator would file a ransom demand to prevent the data from being leaked.

According to him, it is possible that the attacker was about to demand a ransom, but the attack was stopped.

The perpetrator of the data breach may also try to commit identity theft with the obtained information or use it to guess IDs for other services, Hyppönen estimates.

Hyppönen advises those who suspect they have been the victim of a data breach to monitor possible unusual messages.

“If someone tries to log in with your credentials, it’s often an email or a text message. They have to be taken seriously. It’s not a bad idea to change your usernames and passwords for important services,” he says.

At issue is possibly the largest information leak in the municipal sector. Hyppönen considers the case significant.

“The biggest cases in Finnish history.”

In Hyppönen’s opinion, the case compares in scope, for example to the city of Lahti data breach that occurred in 2019. At that time, as a result of a cyber attack, the communication connections between the city of Lahti and the Päijät-Häme welfare association were interrupted.