The City of Helsinki on Monday provided Data Protection Ombudsman with more detailed information about the major data breach took place in April, said the city in a press release.
The Ombudsman requested more detailed report of the amount and categories of personal data on the network drive that was breached.
The submitted report does not reveal anything new about the previously announced possible target groups of the data breach but provides more detailed information on the data content that may have been accessed.
The estimated number of people that may have been affected by the data breach has been updated to 96,700 students and their guardians.
The previous estimate of the number of learners was 150,000.
The reasons for the decrease include the deduction of overlaps in situations such as the child having transitioned from early childhood education and pre-primary education to basic education.
The analysis of the network drive that was targeted in the data breach at the end of April continues. Due to the large amount of data, completing a full analysis will require some more time.
It may not be possible to identify each document or person affected by the data breach, which means that any and all Education Division customers may be affected by the breach.
Customers of the Education Division included current and past students in basic and upper secondary education and their guardians, children in early childhood education held by the City and their guardians, current or past students at the Helsinki Adult Education Centres and and customers of the City’s student welfare, such as those of school social workers or school psychologists.
With progress made on the investigation into the data breach, it has emerged that the perpetrator may have gained access to a larger amount of information on the customers of the Education Division’s services.
It is possible that the perpetrator has gained access to data on all persons of compulsory school age in Helsinki.
This set of data on learners from Helsinki born in 2005–2018 and their guardians included Personal IDs of the child and guardian, addresses of the child and guardian, native language of the child and nationality of the child.
In addition to the other City of Helsinki employees, the data breach may also affect temporary employees who work, for example, as early childhood education and teaching substitutes.
According to current information, the data obtained by the criminal party has not been misused.
Earlier, Probe shows wider target group for the data breach.
When the City was made aware of the data breach on 30 April, an investigation was launched immediately. Various security measures were implemented and the Data Protection Ombudsman, the Police, and Traficom’s National Cyber Security Centre were duly notified.
Source: www.dailyfinland.fi