Following the discovery of the data breach, the City implemented various security measures and carried out communication and customer service. The City also contacted the Data Protection Ombudsman, the police and Traficom’s National Cyber Security Centre. The perpetrator’s network activity was successfully stopped after detection, and no further signs of them accessing the network have been found since.
The data breach and theft were facilitated by a lack of several security controls related to remote server settings, network segregation and data security monitoring. The investigation into the breach revealed several areas in need of improvement, reflecting the City’s technical debt, as well as risks caused by ambiguities related to the City’s data protection administration.
The breach resulted in the perpetrator gaining access to the user data of all of the City’s employees and two terabytes of data stored on an Education Division network drive, which may also include personal data on learners born in 2005–2018 and their guardians living in Helsinki. The groups potentially affected by the data breach have not expanded from those previously announced.
Investigation and corrective measures carried out by a wide range of experts
To manage the investigation into the breach and related corrective measures, the City established a coordination group operating under the City Manager. Since its establishment, the coordination group has been working closely with other authorities, especially Traficom’s National Cyber Security Centre, the Data Protection Ombudsman and the police.
In addition to the authorities, the coordination group has engaged in cooperation with an extensive range of both the City’s own and external experts to limit the impacts of and investigate the breach.
“Based on the technical investigation, we have strengthened our practices related to the security, administration and management of the City's ICT services as well as its IT infrastructure. We will also be clarifying the responsibilities related to our data security management,” states Chief Digital Officer Hannu Heikkinen.
The urgent phase of the investigation and in the implementation of the necessary corrective measures has ended. The operation of the coordination group, which includes the steering and monitoring of corrective measures, will continue as part of the City’s normal management structure in accordance with the City’s crisis management model.
An investigation launched by the Government and being carried out by the Safety Investigation Authority, Finland (SIAF) continues and is expected to be completed in summer 2025. The police are investigating the case as an aggravated computer break-in.
Helsinki City Board considers it necessary that the program to ensure information management, data security, and protection of personal data is implemented as soon as possible. The City Board also demands that the City Executive Office and the divisions take all reasonable actions to ensure strong and complete data security and the functionality of the information management of the City and its services in the future.
