City of Helsinki data breach exceptionally extensive: to limit risks, protectingpersonal data is of great importance

Information about the investigation and its progress is available on the SIAF website.

The investigation of the data breach is conducted as an exceptional event investigation under the Safety Investigation Act. According to the Act, such an investigation may concern a very serious event that was not an accident and which resulted in death or that threatened or seriously damaged basic functions in society.

On summer 2025, the investigation group is expected to issue recommendations on how to better develop societal preparedness for very serious events, such as data breaches, and to mitigate their effects.

“The investigation will focus on how society could better prepare for serious events, such as cyber accidents and data breaches. Preparedness means taking anticipatory measures so that, if an accident happens, we are able to take correct steps and prevent its effects. According to the best possible knowledge currently available, in the case of the City of Helsinki data breach we are talking about the information of approximately 300,000 people having leaked out. The data on the network disk is the equivalent of more than 17 stadium towers, as you can see in the picture below. We do not know how much of this data has been leaked. In addition, there are a number of miscellaneous documents among the material." Hanna Tiirinki stresses.

The fig­ure above shows the to­tal num­ber of doc­u­ments on the cracked net­work disk. The to­tal amount of data that was com­pro­mised is not known.

“The focus of the investigation is on the period from the end of April to the end of May. 30 April is the date when the data breach (accident) was first detected. The affected system was in operation again at the end of May, i.e. the network drive was brought back online on 31 May. However, there had been signs of a data breach even before 30 April. In addition, in terms of communications, the investigation cannot be limited to the period mentioned above only. Preparedness measures, communication about the actual event and follow-up communication have continued even after May. In cyber communication, communication is also part of protection and preparedness,” Hanna Tiirinki, Head of the Investigation Group, says.

In collaboration with other authorities, Traficom’s National Cyber Security Centre has provided information and instructions to those fallen victim to the data breach. The information has been compiled on the website https://www.suomi.fi/guides/data-leak maintained by authorities.

“We encourage teachers and parents to discuss the consequences of a potential data leak with young people – especially if the youngsters are concerned about the matter. In practice, for example, when a young person comes of age, their data could be used for purposes such as identity theft. Preparing for different kinds of disruptions in a society is a normal activity and concerns us all,” says Hanna Tiirinki, Head of the Investigation Group.

For instance, Yle (the public broadcaster in Finland) has made good short videos to watch with young people, such as:

https://yle.triplet.io/uutiset/hakkerin-tietoisku-kuinka-paljon-tietoturvasta-pitaa-olla-huolissaan

‍During the autumn, the investigation group has been collecting information by means of requests for information, interviews and interviews. More than 90 per cent of the investigation material has been collected. The amount of collected material is extensive, and thus the investigation group will continue the analysis of this material through the winter. The group intends to hand over the investigation report to the Government in June 2025.

The National Bureau of Investigation (NBI) is conducting a pre-trial investigation on the data breach of the City of Helsinki. The NBI will communicate on the investigation later.
The investigation group operating in connection with the Safety Investigation Authority, Finland (SIAF) is conducting a safety investigation. It will not address matters of guilt, responsibility and liability in the investigation.

The Ministry of the Interior will publish a new guidebook on preparedness on 18 November 2024, which also contains information on cyber security.

Further information:

Hanna Tiirinki, Head of the Investigation Group, tel. +358 2951 50747

E-mail: [email protected]