Helsinki data breach | Digital director to HS: No observations that the spoils of a data breach are being shared on the external network

Helsinki The city announced on Monday about a major data breach, with the help of which the perpetrators have obtained the e-mail addresses and user data of all the city’s employees. The City of Helsinki has more than 40,000 employees.

The author also found out the personal identification numbers and address information of the learners, guardians and personnel of the education and training sector. In the worst case, the data leak affects more than 80,000 learners and their guardians.

Digitization Director Hannu Heikkinen the message to learners and their guardians is that you should now treat unknown e-mail messages very critically.

“If messages come from a party that does not seem to belong to teaching or education, they should not be opened at all, or at least their links should not be clicked open.”

If a person’s address information or even personal identification numbers have leaked into improper hands, there is a high risk of identity theft. In identity theft, credit accounts can be opened in the person’s name or goods can be ordered online.

Heikkinen agrees with the research director of the information security company Withsecure Mikko Hyppönenwhich In an interview with HS recommended changing IDs and passwords for important services.

I’m weak according to the city’s personnel have not received blackmail or money-seeking messages.

“And there is no observation that our data is available from the outside network,” Heikkinen clarifies.

Such extensive capture of usernames and address information exposes city personnel to various spam, phishing and spam campaigns. It has been communicated to the personnel that they must now be especially careful not to click on suspicious links.

The investigation of the case is progressing so that the city investigates the traces of the data breach on its own, but also with the help of external service providers. The police are conducting a preliminary investigation based on these reports from the city.

Yet at this stage there is no information about the perpetrators or their motives.

When the case first became public on April 30, Heikkinen considered it possible that the suspicious traffic came from Russia.

“We really don’t have any information about who and what motive has been moving,” says Heikkinen now.

“The communication has come from abroad, as it typically does in these cases. The burglars want to hide their origins.”

When at the end of April, the city noticed suspicious traffic on the network server of the education and training sector, one possibility was considered to be an ill-considered response to a fishing message.

This theory is now not believed.

“Now we know that the break-in happened through a vulnerability in the remote connection server. The intruder has gained access to the network through a vulnerability, and in this case the breach did not occur through a phishing message.”

At Monday’s press conference, it appeared that there was an update for the vulnerability, but it had not been installed.

Helsinki has trained its staff on digital security and more training is now planned. Phishing messages used in many companies for educational purposes have not been used in the city.

The beginning of the data breach has therefore been located in the education and training sector, and more information than e-mail addresses and usernames has been downloaded from the sector’s network disk.

“We know that files have been downloaded from the web server, but we don’t know which files.”

That’s why on Monday, the city gave extensive and individualized information about everything that could have ended up in the hands of the perpetrators.

These include: information on customer fees for early childhood education, information requests for student care, information on the need for special support, medical reports issued due to suspension of compulsory education, and information on sick leave of education and training personnel.

A data breach the perpetrator may also have obtained the information of persons subject to a security ban.

A security ban can be issued if there is a justified and obvious reason to doubt the safety of the person or his family. Such threatening situations are, for example, a witness protection situation, a domestic violence situation or working in a profession where you have to experience the threat of serious physical violence.

“There has been information on the network server of the education and training sector, including address information from persons with a security ban. We wanted to tell about this as publicly as possible, so that people can recognize themselves,” says Heikkinen.

No downloads have been made on the network disks of other industries. For example, information about resident parking IDs is the responsibility of the urban environment department.