The violation targeted the central government’s ICT service provider, Valtori, in late January.
Police suspect that espionage played a role in a major data breach that targeted the central government’s ICT services provider Valtori in late January.
The National Bureau of Investigation began investigating the incident as a case of aggravated data breach, and now also suspects espionage.
The exposed data is suspected to include information from more than 50,000 government mobile devices. Authorities suspect the breach exposed data from entities including prosecutors, ministries, and possibly others.
As Valtori publicly reported the breach on 6 February, it said that personal data had been compromised, including people’s names, work email addresses and phone numbers. Additionally technical information about the mobile devices had also been compromised, as well as country-level location information.
When news about the breach was announced, Valtori’s Deputy Director General of ICT support, Hannu Naumanen, characterised the breach as a significant information security risk.
He said at the time that no emails, images or other content on mobile devices have been compromised, but added that risk from the attack was still significant.
During the investigation, police looked into what kind of information was stolen, as well as carried out other technical probes and analysis.
“A clearer picture has been created of the stolen information, which has led to an additional crime category, espionage, being added alongside the aggravated data breach criminal category,” the police said in a press release on Tuesday.
The goal of the ongoing preliminary investigation is to clarify the course of events and identify the perpetrator, according to the NBI’s Detective Inspector Aku Limnell.
