There is a suspicion of a data breach on the FINAS.fi website of the Finnish Accreditation Service. Valtori, the government ICT centre, observed abnormal activities on the server and notified the Finnish Safety and Chemicals Agency Tukes of the breach on 22 July.
This incident is linked to a global vulnerability in SharePoint On-Premises servers reported by Microsoft on 19 July. The suspected data breach targeted a server that contains the FINAS Finnish Accreditation Service’s website.
Corrective measures are being taken on the server in question, due to which the FINAS.fi website is temporarily unavailable. Investigation of the incident will proceed in cooperation with Valtori, who is responsible for the servers.
The website server stores the IP addresses of the site’s visitors. IP addresses can be used to find out the visitor’s city and internet service provider, but not their exact location or other personal data. Confidential customer data is not stored on the server.
As required by law, the incident has been reported to the National Cyber Security Centre Finland at the Finnish Transport and Communications Agency Traficom and the Office of the Data Protection Ombudsman. Tukes has reported the suspected data breach to the police. This suspected data breach does not apply to other FINAS or Tukes servers or systems.
“This suspicion of a data breach is serious matter. I sincerely apologise for any inconvenience to our customers,” says Katriina Luoma, Director of the FINAS Accreditation Service.
FINAS is Finland’s national accreditation body that certifies calibration and testing laboratories, certification bodies, inspection bodies, providers of proficiency testing, greenhouse gas and EMAS verifiers, and biobank operators. FINAS operates as an independent and impartial unit within the Tukes organisation.
Further information for the media: director Katriina Luoma, calls through the Tukes media service at tel. +358 29 505 2234 (weekdays at 9–15) or [email protected]
