"Helsinki Suffers Data Breach After Hackers Exploit Unpatched Flaw"

The City of Helsinki, located in Finland, is investigating a data breach in its education division, which it discovered in late April 2024, impacting tens of thousands of students, guardians, and personnel. Though information about the attack was circulated on May 2, 2024, the city's authorities shared more details in a press conference recently. According to the authorities, an unauthorized actor gained access to a network drive after exploiting a vulnerability in a remote access server. While the officials did not state what remote access product was targeted, they shared that a security patch for the vulnerability was available at the time of the attack but had not been installed. It was noted that the accessed drive contained tens of millions of files, most devoid of personally identifiable information (PII). Still, some included usernames, email addresses, personal IDs, and physical addresses. Additionally, the exposed drive contained information about fees, childhood education and care, children's status, welfare requests, medical certificates, and other highly sensitive information. The authorities noted that the data breach affected at least 80,000 students and their guardians. The breach also affected all personnel of the city, as the perpetrator gained access to all personnel usernames and email addresses. No ransomware group has taken responsibility for the attack so far.

BleepingComputer reports: "Helsinki Suffers Data Breach After Hackers Exploit Unpatched Flaw"