A data breach affecting Helsinki, Finland’s capital and largest employer, exposed sensitive personal data of over 300,000 people. The breach occurred in the city's Education Division, known as KASKO, where an outdated Cisco ASA 5515 firewall appliance was exploited. The attacker gained privileged access to internal systems and stole approximately 2TB of data, impacting city employees, childcare benefit applicants, private school staff members, students, and their relatives.
Source: https://www.infosecurity-magazine.com/news/helsinki-ncscfi-major-data-breach/
TPRM report: https://scoringcyber.rankiteo.com/company/helsinki
"id": "hel901062425",
"linkid": "helsinki",
"type": "Breach",
"date": "6/2025",
"severity": "100",
"impact": "",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'customers_affected': 'over 300,000 people',
'industry': 'Public Sector',
'location': 'Helsinki, Finland',
'name': 'Helsinki',
'size': '40,000 employees',
'type': 'City Government'}],
'attack_vector': ['Brute Force', 'Vulnerability Exploit'],
'data_breach': {'data_exfiltration': 'Yes',
'number_of_records_exposed': '10 million documents, or 2TB of '
'data',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Sensitive personal data'},
'date_detected': '2024-04-30',
'date_publicly_disclosed': '2024-05-02',
'description': 'A 2024 data breach affecting Helsinki, Finland’s capital and '
'largest employer, which exposed sensitive personal data of '
'over 300,000 people.',
'impact': {'data_compromised': 'Sensitive personal data',
'systems_affected': ['Cisco ASA 5515 firewall appliance',
'Microsoft Active Directory',
'Virtualization server',
'Backup server']},
'initial_access_broker': {'entry_point': 'Cisco ASA 5515 firewall appliance',
'high_value_targets': ['Microsoft Active Directory',
'Virtualization server',
'Backup server']},
'investigation_status': 'Completed',
'motivation': 'Data Exfiltration',
'post_incident_analysis': {'root_causes': ['Outdated hardware',
'Lack of updates',
'Brute force attacks',
'Vulnerability exploit']},
'references': [{'source': 'Infosecurity Magazine'}],
'response': {'third_party_assistance': 'Private digital forensics and '
'incident response (DFIR) partner'},
'title': 'Helsinki 2024 Data Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'Cisco AnyConnect software vulnerability'}