The preliminary investigation that is being conducted by the National Bureau of Investigation will assess whether there has been negligence in the protection of the data that was subject to the data breach that would give reason to suspect a crime. The preliminary investigation is in its initial stages and no names have been mentioned.
The handling of the case is proceeding according to normal. The authority in charge of the preliminary investigation is investigating the case, after which the prosecutor will conduct a criminal investigation based on the information obtained in the preliminary investigation and decide whether to press charges. If the threshold for charges is exceeded, the case will be transferred to the District Court.
The National Bureau of Investigation is responsible for all communications related to the handling of the case.
City has stepped up its security after the incident
After the data breach was discovered, the City of Helsinki implemented various security measures without delay which helped stop the perpetrator’s post-incident online activities. No signs of the perpetrator have been observed online since the data breach occurred.
To prevent similar data breaches, the city has promoted numerous measures to enhance data management, security and data protection. A technical evaluation found that the city’s practices related to the security, maintenance and management of the city's ICT services and IT infrastructure have been strengthened. Security management responsibilities have also been clarified.
The investigation into the data breach commissioned by the Finnish Government is progressing under the leadership of the Safety Investigation Authority Otkes, and the work is expected to be completed in the summer of 2025. The data breach that targeted the City of Helsinki's data systems is also being investigated as a separate preliminary investigation entirety.
According to the information available, the data that was accessed by a criminal element in the City of Helsinki Education Division data breach has not been misused.
