The City of Helsinki, the capital of Finland, on Monday announced that personal information of students and personnel was stolen in a cyberattack at the end of April.
The incident, discovered on April 30, targeted the city’s education services, and was initially believed to have led to the compromise of student and personnel usernames and email addresses.
On Monday, however, the city announced that the usernames and email addresses of all city personnel were compromised in the data breach, along with the IDs and addresses of students, guardians, and personnel from the city’s education division.
Furthermore, the city’s investigation revealed that the attackers also gained access to network drives pertaining to the education division, some of which contain confidential and sensitive information.
“Most of the data on the network drive (tens of millions of files) are documents that do not contain personally identifying information or only contain ordinary personal information, the opportunity for abuse of which is not considered to be significant,” the city said on Monday.
The potentially compromised information includes data on children’s education and care fees, details on student welfare and need of special support, medical certificates for students who suspended their studies, and sick leave records for the division’s personnel.
“We cannot rule out the possibility of the perpetrator gaining access to data of persons under a non-disclosure restriction,” the City of Helsinki said.
Some of the data is believed to be years old, impacting individuals who were previous customers or employees of the education division. The city has yet to determine the full extent of the data breach and to provide specific details on the compromised information.
More than 80,000 students and guardians are likely affected by the data breach, City of Helsinki manager Jukka-Pekka Ujula said.
According to the city, the attackers compromised the network by exploiting a known vulnerability in a remote access server, for which a hotfix has been available, but not applied.
“Our security update and device maintenance controls and procedures have been insufficient. After the breach, we have taken measures to ensure that a similar breach is no longer possible,” Helsinki’s chief digital officer Hannu Heikkinen said.
Heikkinen also noted that the investigation has not discovered evidence of other city divisions being compromised, but all networks are being closely monitored.
It’s unclear if this was a ransomware attack. No ransomware group appears to have taken credit for the intrusion.
Related: FBCS Collection Agency Data Breach Impacts 2.7 Million
Related: Kaiser Permanente Data Breach Impacts 13.4 Million Patients
Related: 180k Impacted by Data Breach at Michigan Healthcare Organization
