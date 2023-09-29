According to the press releases and announcements made by the welfare regions so far, the data leak may have targeted almost 36,000 people.

of Tena products the cyber attack on the Westlog company that managed the home delivery could have compromised the personal data of tens of thousands of people in Finland.

Westlog estimated in its first notification to the data protection commissioner’s office in August that 100,000 people were affected by the breach. Managing director Ossi Ojanen tells STT that it was an initial assessment.

“It [100 000] was a clean estimate at the time of the event. It is by no means an exact number,” says Ojanen on Friday.

Based on the information collected by STT, there have been home delivery customers of incontinence products in the majority of Finnish welfare areas affected by the data breach.

According to the bulletins and announcements made by the welfare regions so far, the burglary may have targeted almost 36,000 people. Ojanen does not comment on the exact number of customers of the welfare areas that were in the register, because according to him the responsibility for informing lies with the controller, i.e. the welfare area.

“Actually, I don’t currently have such a number that I can see the whole amount from,” he says and says that the company has forwarded the information to the registrars.

Westlog was the target of a ransomware attack at the end of last month.

The data breach that followed the attack has targeted tens of thousands of people who have received Essity’s Tena incontinence products as home delivery, according to information security breach notifications and welfare areas. STT received information security breach notifications with an information request.

The data breach notice of Essity, the manufacturer of Tena products, mentions that the data leak may have affected 50,000 of its customers. There is also a clientele of welfare areas.

“We are aware that some [mutta ei kaikkien 50 000:n] the personal IDs of our individual customers have been exposed to a data breach”, states Essity’s September privacy breach notice.

Based on the collected data, home delivery customers of incontinence products have been affected by the data breach in the majority of Finnish welfare areas. At least 14 of Finland’s 21 welfare regions have either informed or notified the data protection commissioner’s office about the data leak.

Ojanen does not comment on whether all welfare areas have been their transport customers.

“Our customer is Oy Essity Finland Ab, and their service is provided by us. The contracts for the welfare areas have been made with Oy Essity Finland Ab,” he says.

Essity’s privacy breach notification also mentions an estimate that the Westlog data breach may have affected the privacy of 100,000 people. Based on the reports, both Essity and Westlog assessed the effects of the data breach as serious. Both Westlog’s Ojanen and Essity have also apologized for what happened to their customers.

Logistics company In its announcement, Westlog writes that their systems have contained their customers’ delivery and customer register data, which included, among other things, the customer’s address and product order information.

It also appears from the reports made to the Data Protection Commissioner that if the customer who ordered Tena products has indicated his personal identification number in connection with the order, it could have been compromised. According to the announcements, the identity number of the customer in the wellness area has been notified to Westlog if the customer has ordered incontinence products at their own expense.

On the other hand, just from having been a home delivery customer of Tena products, you can infer private health information. Tena products are mainly bandages and diaper-like products aimed at adults, which are used to help with urinary incontinence.

Both Westlog and the company’s partner Essity made the required notifications to the authorities when the cyberattack occurred. Both also informed their customers about what happened. According to data breach notifications, a criminal complaint has been filed about the data breach.

According to Westlog, customers’ online banking or payment card information was not included in the data leak.

All welfare areas and health sector operators, whose customers have been affected by the information leak, have not publicly informed the matter by Friday morning. Not everyone has said how many of their customers may have been affected by the data breach.

The data breach has affected patients in welfare areas who had the right to receive home delivery of incontinence pads as medical supplies free of charge. However, the welfare areas have been able to tell Tena home delivery customers directly about the data leak without publishing a press release.

In the past, it has already become apparent that thousands of customers in the welfare regions of Päijät-Häme (around 6,200), North Ostrobothnia, Pirkanmaa, Satakunta, Varsinais Suomen and Ostrobothnia may have been affected by a data breach. The Central Uusimaa welfare area said on Thursday that the leak could affect more than 4,000 of its customers.

The welfare regions of Kanta-Häme, Central Finland, South Ostrobothnia and North Karelia have also informed about the online attack, but they have not told the number of customers that the data breach may affect.

However, it appears from the data protection notices obtained by STT that the attack may have affected thousands of customers in the welfare regions of North Karelia (5,022), Itä-Uusimaa (3,300) and Länsi-Uusimaa (9,773) and Kymenlaakso (7,604). In its announcement, the Pohjois-Savo welfare area has said that the data of its client Roche Diagnostics was exposed in the Westlog breach.

Based on the announcements and press releases of the welfare regions alone, the personal data of almost 36,000 people could have been compromised in the leak.

Also The city of Helsinki and Hus, which is responsible for specialized hospital care in Uusimaa, have been affected by the data leak, but both are still investigating the extent of the effects.

According to the announcement of the city of Helsinki, information about the attack was only reacted to after mid-September, when one of its employees happened to notice a mention of the matter on Essity’s website. However, the city had already been notified of the matter at the end of August.

The information of 500 actual Finnish ear device companies’ customers could also have been leaked, according to the material.

The well-being areas have been able to inform the data protection commissioner about the breach even after STT’s request for information from the beginning of the week.

Westlog was the target of a cyber attack on August 25, so that the company’s information was captured and access to it was blocked with the help of ransomware. The company was alerted to the attack by its server provider and shut down the servers shortly after the discovery.

Ossi Ojanen said earlier this week that the data had been hacked by exploiting a weakness in Cisco’s VPN service. Ojanen also said that Westlog has since improved the level of its data security and used resources to prevent something similar from happening again.

So far, it is not known that information stolen from Westlog has been published on the dark web or attempted to be traded on dark web marketplaces.

The welfare areas and Essity have urged their customers to notify the police if they suspect that their data has been misused.

You can find action instructions on the website of the Office of the Data Protection Commissioner at tietosuoja.fi if you are the target of a data security breach.