The City of Helsinki has continued to cooperate with authorities regarding the data breach targeting the Education Division, said the City in a press release on Tuesday.
The police are investigating the incident as an aggravated computer break-in, and the National Bureau of Investigation (NBI) is responsible for communication related to the progress of the criminal investigation. According to current information, the data obtained by the criminal party has not been misused.
“The network drive that was the target of the breach at the end of April has been restored, and its content is currently being analysed. However, due to the large amount of data, it will take some time to complete the investigation,” said Hannu Heikkinen, Chief Digital Officer.
The data breach was made possible by an outdated remote access server, which has now been decommissioned.
The outdated remote access server was scheduled to be decommissioned in conjunction with the migration of the Education Division’s data centres to a centralised digital infrastructure management function.
However, changes to the migration schedule resulted in the server remaining in use.
“In addition, we are exploring the transfer of the ICT environment and operational ICT work of the Education Division to the city-owned DigiHelsinki company, which began operations at the start of 2023,” said City Manager Jukka-Pekka Ujula.
Understandably, the data breach has caused a lot of concern and questions among residents and city staff.
“The most frequent question we receive is what I need to do in this situation. The second question concerns communication – why have I not been contacted even though my data may have been compromised? In accordance with the General Data Protection Regulation, we have provided as much information as possible to the customer groups whose data may have been compromised,” said Satu Järvenkallas, Head of Education Division.
When the City was made aware of the data breach on 30 April, an investigation was launched immediately. Various security measures were implemented and the Data Protection Ombudsman, the Police, and Traficom’s National Cyber Security Centre were duly notified.
Earlier, Probe shows wider target group for the data breach.
Source: www.dailyfinland.fi