The City of Helsinki is investigating a data breach in its education division, discovered at the end of April 2024, affecting tens of thousands of students, Tutors and staff. According to the details revealed, An unauthorized actor gained access to a network drive after exploiting a vulnerability in a remote access server.
Although officials did not specify which remote access product was targeted, They shared that a security patch for the vulnerability was available at the time of the attack but had not been installed.
The accessed drive contained tens of millions of files, most without personally identifiable information. However, some included usernames, email addresses, Personal IDs and physical addresses. In addition, The exposed unit contained information on tariffs, Early Childhood Education and Care, Children's Status, Wellness Requests, Medical certificates and other highly sensitive information.
Fountain: Bleeping Computer
Image: Ninara (Flickr)