- API Penetration Testing

Top 10 Cybersecurity Breaches in Finland

Learn about the state of cybersecurity in Finland and the 10 biggest breaches in this country.
In recent years, Finland has taken the gold as the country with the lowest cyber danger score across the globe. According to the latest study by Reboot Digital PR Services, the country has the lowest cyber danger score – 12.6 – overtaking other EU countries such as Belgium (26.5), Norway (24.1), Estonia (28.2), and Germany (36.5).

Compared to the previous years, only in Q2 2021, Finland recorded 69,738 cyber incidents. The incredibly high number of attacks has increased by 100% compared to a similar period in 2021. According to Statista, the most common information security violations reported in Finland were scams, phishing, and malware attacks. An increasing tendency for these types of attacks has surged over 92% of companies to take numerous measures aimed to strengthen their digital security.

In this article, we'll analyze the most infamous security breaches in Finland, making a deep focus on the causes, actions, and outcomes of each. Based on this experience, the owners of the Finland-based business will be able to gain some insights on how to act in case of a similar attack, as well as how to secure your enterprise from different sorts of cyberattacks.
#1 Patient Records Illegally Accessed at Helsinki Hospital
One of the earliest large-scale cyber incidents that are known years after happening in 2010 is the personal data theft of hundreds of patients at Haartman hospital in Helsinki. According to the official information, the temporary secretary at the hospital gained unauthorized access to the electronic records of over 200 patients.

After the incident was revealed, the secretary was fired. The criminal investigation lasted for over a year, but the motives of why the secretary opened the case history file remain a mystery up to the present. The Haartman hospital immediately notified all the affected people through email and was in ongoing communication with all the patients.

Though the department's secretary did not have the right to access such information, the cases of viewing the patient's medical records were increasingly common in Finland in the 2010s, according to the Office of the Data Protection Ombudsman. However, over the years of working with electronic healthcare records, patient data security across Finland-based hospitals has improved significantly.
#2 Personal Information of Over 130,000 Finnish Citizens Leaked
In April 2018, Finnish Communications Regulatory Authority (FICORA) reported a massive data breach affecting tens of thousands of people as a result of a website hacking attack. This breach has been estimated as the third-largest data breach that ever happened in the country.

According to the incident's investigation details, the hackers targeted the website maintained by the New Business Center in Helsinki ("Helsingin Uusyrityskeskus") – the company that provides business consultancy services to entrepreneurs. As a result of the attack, they have overwritten usernames and passwords for over 130,000 users. However, the worst thing about the incident is the way in which the user data was stored: the login credentials were kept in plain text!

Upon the incident discovery, the company's CEO filed an offense report and took full responsibility for the outcomes. Previously, the security maintenance has been entrusted to the subcontractor, whose performance wasn't checked on a regular basis.
#3 A Massive Leakage of Psychotherapy Patient Data
In October 2020, authoritative news sources became evident of the large-scale leakage of patient data from over 25 therapy centers across Finland. The incident has been described as "a shocking act" and has been immediately transferred to the Finnish police department for a detailed investigation.

According to the updated information, the attackers managed to access the records of Vastaamo, one of the most famous private psychotherapy service providers in Finland. It was uncovered that the patient records were first accessed by intruders in November 2018, while the security flaws continued to exist until March 2019. Security experts also confirmed the leakage of the 10-gigabyte data file containing private notes and healthcare data of over 2,000 victims, including therapists and their patients. However, the overall number of people affected due to the incident is now estimated at tens of thousands of people.

Upon the incident discovery, many victims received a blackmail threat with a demand for €200 (£181) in bitcoin to prevent the contents of their therapies from being made public. Some of the files that appeared on the "dark web" are for sale. Vatsaamo said it immediately informed the local regulators about the incident and affected clients, and also started an internal investigation to estimate the outcomes and eliminate the existing security vulnerabilities.
#4 Finnish IT Giant Hit with Ransomware Cyberattack
A major Finnish IT provider, TietoEVRY, was forced to shut down some of its services and infrastructure due to a ransom attack, which came to be known in February 2021. The company is providing IT and product engineering services in 20 countries, so its disruption could have probably affected tens of hundreds of clients across Finland and beyond.

Upon the incident discovery, TietoEVRY's security department filed the claim to the corresponding regulatory institution, the local cyber police department, and started taking recovery measures to minimize the impact on the services availability with the National Security Authority (NSM) and NorCert – partner agencies who handle the cyberattacks of different type and complexity.

As for the official comments, TietroEVERY is not actively commenting on the situation to the press concerning the ongoing investigation. At the same time, all the affected customers were informed about the incident and remain in ongoing communication as the situation unfolds, according to the report.
#5 Finnair Reports a Client Data Breach Affecting Over 200,000 People
In March 2021, the country's national airline Finnair reported a massive data breach of nearly 200,000 of its clients. According to the comments of Finland's Data Protection Authority, the attackers managed to get illegal access to the personal data of Finnair's frequent flyers, which was stored on one of the systems of Finnair's partner companies.

Based on the official statement of the airline, the hackers could access the client's data, including personal names, customer numbers, and meal and seating requests. At the same time, the company's representatives underlined that the criminals didn't receive any specific contact information, payment card details, or passwords.

After the incident was revealed, the affected companies immediately informed the Finnish data protection authorities, providing all the details about the recent penetration incident. To ensure the client data protection, all the customers which could have been probably affected as a result of this incident were also recommended to change their password in the frequent flyers system.
#6 Finland's Biggest Bank Confirmed Cyberattack
The OP Financial Group, the Finnish largest bank, has confirmed its web services were disrupted due to the ransom attack in January 2021. The corresponding comments about the incident were clarified by the Director of Communications at Osuuspankki.

According to the official statements, the tech department has discovered the login page of the service had been down due to the cyberattack. As a result, the entire service has been shifted to a maintenance state for the detailed investigation of the matter. The attack was averted timely, so all the online services were working normally after a couple of hours.

The company didn't comment on the situation in detail, only informing that all the client data and money have not been compromised, and all of the OP's services are available again. However, in a week, the OP bank has also warned about the phishing messages being sent to Finnish mobile phones, claiming to be from the bank and asking the recipients to click on a link, supposedly to confirm payment.
#7 Finnish Staffing Firm Hit by Cyber Attack, Potentially Leaking Jobseeker and Employee Data
A Helsinki-based staffing firm Eilakaisla confirmed falling victim due to the blackmail malware attack in January 2021, which led to its servers stopping working.

As a result of the attack, there is a high possibility of data leakage stored on some of the servers. The compromised data included the personal information of its jobseekers and employees, as well as customer billing information, however, the company added that no indications of this have been found during the internal investigation.

As soon as the incident had been discovered, Eilakasla filed the criminal report to the Cyber Security Center and the Office of the Data Protection Commissioner. The investigation has been entrusted to the local cyber police authorities, the company also claimed to inform the clients once there is clear evidence of the personal data being stolen. As a precautionary method, the Eilakaisla users were recommended to update their passwords.
#8 Finnish Hotel's Data Was Compromised Due to System Vulnerability
A cyber attack on a hotel reservation system, which occurred in April 2022, has exposed the private information of thousands of Finnish hotel guests. Based on the official reports, at least 20,000 clients were affected by this incident.

According to MTV Finnish news agency, attackers detected a system vulnerability to hacking into the company's computer system responsible for booking and reservation management of dozens of hospitality institutions across the country. The incident was discovered only after 2 months, after which the vulnerability was patched.

The data breach investigation has uncovered the massive leakage of hotel guests' names, addresses, phone numbers, emails, and reservation details. Nevertheless, some of the sensitive documents such as passport data, ID numbers, and financial payment card information weren't affected.

Upon the incident discovery, the affected hotels immediately reported to the Finnish police and the country's data protection commissioner to get further directions and create an efficient solution plan for this incident.
#9 Finland Parliament Website Targeted in Cyber Attack
Another cyber incident that happened in April 2022 was reported by Finland's Parliament, whose parliament's external website has been down due to a denial-of-service (DDOS) attack. The cyber incident occurred during the video address of the President of Ukraine to the country's parliament. According to the latest information, the reasons for that hacking attack are related to the country's NATO membership application, which followed the Russian invasion of Ukraine.

As a result of this DDOS attack, access to the website has been slowed down or, in some cases, completely denied. The official statements of the Finnish Security and Intelligence Service (SUPO) have uncovered that such attacks aimed to "give the impression that society is paralyzed". Fortunately, the hackers didn't breach any system or data, as usually happens in standard attacks.

After the incident was discovered, the country's parliament said it "is taking steps to limit the attack" and the site has been recovered to normal within a couple of hours.
#10 Finnish News Agency STT Suffered from a Cyberattack
In July 2022, the Finnish news agency STT confirmed it had taken some of its systems offline due to a malicious attack. That cyber incident has restricted the performance of the site's news and image distribution for several days, but it's still unclear whether attackers managed to access or stole any data.

Once the incident was uncovered, the STT officials claimed they had been in touch with the corresponding authorities and are currently investigating the details of the breach. The company has also sent notes to other similar media agencies throughout Europe to help them prepare for possible system attacks.

As a rule, hackers often attack media organizations, and the agency reported they have been regularly improving the system's security to resist various types of cyber incidents. Finnish authorities have been also warning of an increased risk of cyber attacks since Russia invaded Ukraine in February.
Remaining proactive in the cybersecurity industry has become one of the key points to the successful digital security of thousands of Finland-based enterprises. Without any doubt, the best way to mitigate the risks and build a robust strategy against various attacks implies learning from the experience of other companies.

Having explored a bunch of examples of Finland's most notable cyber incidents, it's time to finally start improving the security of your business in digital. Reach out to the Cyberlands team and discover the right strategy for improving your business today! Team