Network Security
Vulnerability Management
Privileged Access Management
Endpoint Security
Threat Hunting
Unified Endpoint Management
Email & Collaboration Security
Contents:
Authorities investigating the Helsinki data breach revealed the attack originated in hackers exploiting an unpatched vulnerability.
On May 2, 2024, the City of Helsinki announced that a data breach impacted its Education Division. The hackers got access to a network drive containing tens of millions of files belonging to tens of thousands of people.
Considering the number of users in the city’s services now and in previous years, in the worst case, this data breach affects over 80,000 students and their guardians. The breach also affects all of our personnel, as the perpetrator gained access to all personnel usernames and email addresses
said City Manager Jukka-Pekka Ujula.
The City of Helsinki’s internal team as well as external experts are conducting an ongoing investigation.
The compromised data
Some of the compromised documents contain confidential data or personally identifiable information (PII) belonging to students and employees:
- usernames
- email addresses
- personal IDs
- physical addresses
On the targeted server there was also information about
- fees for childhood education
- children’s status
- welfare requests
- medical certificates
- special support requests
- the sick leave records of Education Division personnel
Security specialists are still to find out if the Helsinki data breach impacted other sensitive information. Satu Järvenkallas, Executive Director of the Education Division said:
Unfortunately, we are currently unable to provide an accurate assessment of what data the perpetrator may have accessed. What we can tell you about at this time are the possible risks, so that personnel and customers of the Education Division can prepare for them. This procedure is in line with data protection law.
Source – City of Helsinki Press Release
The unpatched remote access vulnerability
Although the City of Helsinki didn’t reveal the exact CVE, they said hackers exploited a remote access server’s vulnerability. The attackers used it to connect to the Education Division network. For the moment, there are no evidences of them accessing any other networks or data in the City of Helsinki’s infrastructure.
Reportedly, there was an available hotfix for the vulnerability, but the IT team didn’t succeed to apply the patch in time.
With thousands of vulnerabilities being discovered every year, patching fast enough to keep hackers away can be challenging. In the absence of an automated patch management tool, IT teams can feel overwhelmed.
One reason for patch management being the second most challenging task is “the continuous need to stay up to date with the latest security flaws”, says Alex Panait, SysAdmin at Heimdal Security.
He also advises using automated patch management to solve asset inventory, checking for patches, deployment, testing, etc. with one click.
The City of Helsinki said they took the necessary measures to prevent this kind of incidents in the future. They’ve also offered help and assistance for those impacted by the data breach.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, and Youtube, for more cybersecurity news and topics.
