Finnish Authorities Probe Espionage-Linked Cyber Breach at State IT Provider
Finnish police have expanded a criminal investigation into a January cyberattack on Valtori, the State Information and Communication Technology Centre, to include suspected espionage. The breach, initially treated as an aggravated data breach, now raises concerns over potential threats to Finland’s national security.
The attack, which occurred on 29 January, targeted a mobile device management (MDM) system used by government agencies. Authorities estimate that up to 50,000 public sector employees may have been affected, with exposed data including names, work email addresses, phone numbers, and device-related information. The compromised systems serve multiple government bodies, including ministries and the prosecution service.
Lead investigator Aku Limnell stated that while the type of data accessed remains consistent with initial assessments, its combined implications could pose risks to Finland’s security. The expanded investigation reflects a deeper understanding of the breach’s scope and potential harm.
Valtori, which provides IT services to central government institutions, and its client agencies are listed as injured parties in the case. Authorities have not disclosed details about suspects or attack methods, and the pre-trial investigation remains ongoing. No further comments have been provided at this stage.
Valtori cybersecurity rating report: https://www.rankiteo.com/company/valtori-official
Finnish Government cybersecurity rating report: https://www.rankiteo.com/company/finnish-government
"id": "VALFIN1776776044",
"linkid": "valtori-official, finnish-government",
"type": "Breach",
"date": "1/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': 'Up to 50,000 public sector '
'employees',
'industry': 'Government, Information Technology',
'location': 'Finland',
'name': 'Valtori',
'type': 'State IT Provider'},
{'industry': 'Government',
'location': 'Finland',
'name': 'Finnish government agencies (ministries, '
'prosecution service)',
'type': 'Government Bodies'}],
'data_breach': {'number_of_records_exposed': 'Up to 50,000',
'personally_identifiable_information': 'Names, work email '
'addresses, phone '
'numbers, '
'device-related '
'information',
'sensitivity_of_data': 'High (names, work email addresses, '
'phone numbers, device-related '
'information)',
'type_of_data_compromised': 'Personally Identifiable '
'Information (PII)'},
'date_detected': '2024-01-29',
'description': 'Finnish police have expanded a criminal investigation into a '
'January cyberattack on Valtori, the State Information and '
'Communication Technology Centre, to include suspected '
'espionage. The breach, initially treated as an aggravated '
'data breach, now raises concerns over potential threats to '
'Finland’s national security. The attack targeted a mobile '
'device management (MDM) system used by government agencies, '
'affecting up to 50,000 public sector employees.',
'impact': {'data_compromised': 'Names, work email addresses, phone numbers, '
'device-related information',
'systems_affected': 'Mobile Device Management (MDM) system'},
'investigation_status': 'Ongoing (pre-trial investigation)',
'motivation': 'Espionage, National Security Threat',
'references': [{'source': 'News Article'}],
'regulatory_compliance': {'legal_actions': 'Criminal investigation '
'(aggravated data breach, '
'suspected espionage)'},
'response': {'law_enforcement_notified': 'Yes (Finnish police)'},
'title': 'Espionage-Linked Cyber Breach at Finnish State IT Provider',
'type': 'Espionage, Data Breach',
'vulnerability_exploited': 'Mobile Device Management (MDM) system'}