Probe shows wider target group for Helsinki City data breach
Published : 22 May 2024, 03:42
With progress made on the investigation into the 30 April data breach, it has emerged that the perpetrator may have gained access to a larger amount of information on the customers of the Education Division’s services, said the City of Helsinki in a press release on Tuesday.
The possible number of people impacted by the data breach is likely to rise.
It is possible that the perpetrator has gained access to data on all persons of compulsory school age in Helsinki.
The City of Helsinki stores information on persons of compulsory school age from Helsinki, and their parents, based on the City’s duty to monitor the achievement of compulsory education.
This data was stored on a City network drive that was impacted by the data breach.
This set of data included personal IDs of the child born in 2005–2018 and guardians, addresses of the children and guardians (no phone numbers or email addresses), native language and nationality of the children and religious community of the children (evangelical Lutheran / orthodox / registered religious community / not part of a religious community).
Possibility of data breach also impacting private early childhood education, private schools and upper secondary schools, and private vocational schools.
In addition to the City’s early childhood education units, schools and educational institutions, regarding private day-cares, contractual schools in Helsinki, private and state-run schools as well as private upper secondary schools and vocational schools.
This group additionally included all students who have applied for weighted curriculum education as well as learners from Helsinki undergoing home schooling.
The data breach may also impact learners from Helsinki that study in other cities.
Targets may include students and apprentices from Helsinki Vocational College and Adult Institute, customers of Swedish Adult Education Centre Arbis, as well as families that have participated in clubs activities arranged by early childhood education.
In addition to customer data of the day-care, playground and school in Santahamina, the access permit data of visitors to these branches may have been accessed by the perpetrator of the data breach.
This data may also include passport numbers for families with a foreign background.
According to current estimates, it is possible that the data breach impacts roughly 150,000 learners as well as their guardians.
As the City has previously stated, all roughly 38,000 city personnel were also impacted by the data breach.
“The investigation into the breach will continue in cooperation with the authorities and further information will be shared as the investigation proceeds. The City and other authorities’ recommendation is that you begin actively securing your personal data, even though the investigation into the data breach is still ongoing,” said City Manager Jukka-Pekka Ujula.
The National Bureau of Investigation and the Police are investigating the case as an aggravated computer break-in, and communications on the criminal investigation will be provided by the Police.
The victim of the crime is currently the City of Helsinki, from whom the police receive all necessary information for the investigation of the case.
When the City was made aware of the data breach on 30 April, an investigation was launched immediately. Various security measures were implemented and the Data Protection Ombudsman, the Police, and Traficom’s National Cyber Security Centre were duly notified.