Helsinki data breach|The data breach affecting the city has raised many questions about why this happened. This is how Helsinki responds.
Why how come millions of documents are stored on one network drive, which may contain even sensitive information?
This is one of the many questions raised by the data breach targeting the education and training sector of the City of Helsinki. The data breach was discovered at the end of April.
A hacker who gained access to the city’s network drive may have gained access to the information of up to 150,000 children and their guardians, as well as the city’s approximately 38,000 employees, such as addresses, social security numbers and even passport numbers.
The hacked network disk contained more than 10 million documents, which have contained a wide variety of information: the disk has contained both everyday memos and occasionally even sick leave certificates or special support decisions in the same jumble.
Now the network disk is closed, and city employees cannot go through the contents of the network disk.
Bridge so at the moment no one knows exactly what information may have been leaked. The city does not have an exact timetable for that, because the network drive has been moved to a new environment and its contents are accessible.
HS asked the head of education and training about the material that was the subject of the data breach and its storage A fairy tale from Järvenkallas and from the city’s digitization director From Hannu Heikkinen.
At the very beginning, it was announced that the network disk in question may also have contained sensitive information, such as documents dealing with the students’ health status or staff absences due to illness. Has the situation been more detailed regarding these?
“It is possible that the network disk has had, for example, documents related to the special support decision, which are related to the preparation of class divisions, in which case the information is temporarily stored on the disk. This network disk has not been the place where sick leave certificates were stored, but they may have been there,” states Järvenkallas.
He emphasizes that it has been a network drive used as a safe workspace in accordance with the city’s instructions, where most of the material is various industry memos and preparatory materials.
Why has there been so much material on one network drive? Why is such information not stored in the systems?
“It is normal practice to store such documents on a network drive. These are files needed at work, and it is not possible to keep them in the systems,” Heikkinen replies.
How large a number of people normally have access to all these files? Do we track who views the data?
“The files have been in file folders on the branch’s network drive. Normally, employees have rights to the files of their own work unit, but now the hacker has been able to raise his user rights to the highest root user level,” says Heikkinen.
According to Heikkinen, only people working in system maintenance tasks have such rights under normal circumstances.
Since it is a network disk with files, there is no trace of viewing these documents, unlike for example in patient information systems.
Therefore, even without a data breach, it would not be possible to find out who has sufficient user rights to view the data of students, their guardians or employees.
Is there any information on how old documents have been stored on the network drive?
“We cannot check the situation because the network disks are closed. We know that there are some older files, but we don’t speculate on how old they are,” says Järvenkallas.
According to Järvenkallas, the instructions will be reviewed with the staff. He emphasizes that it is still not possible to draw such conclusions that someone has acted improperly in terms of data retention.
“This matter will also be resolved later.”
Information security risks have been highlighted in several different contexts, for example in the 2021 audit report. Why haven’t they been taken seriously?
“We have done a lot for data protection and information security. The issue has been discussed in the management, trainings have been organized and it has been ensured that the personnel is doing DigiABC training. It still cannot be said that the instructions have not been followed, and I don’t think anyone should be judged until the matter has gone through,” says Järvenkallas.
Whose responsibility are these data security practices after all?
“Instructions related to information security come from the city office, that is, they are decided by the city management and the head of the office. The industries, information security experts and information security managers then implement these guidelines,” states Heikkinen.
The incident will be investigated not only on the city’s side, but also in cooperation between Helsinki and the Central Crime Police. The so far unknown perpetrator of the data breach is suspected of gross data breach.
#Helsinki #data #breach #millions #documents #network #drive #Helsinki #appeals #normal #practice