Suoraan sisältöön

Julkaistu 22.05.2024

Detected data breach in the Regional Council's email account

The South Savo Regional Council was affected by a data breach, which was discovered on 21st of May around 12:30 p.m.

During the breach, an e-mail account of an employee of the organization was accessed and a DOCUSIGN scam message was sent in the name of the users e-mail account to the recipient list collected from the users e-mail. We use modern security measures and identity protection practices, but somehow this slipped through the shields. Based on the investigation, the active phase itself only lasted for a minute at 9:30 on Tuesday morning.

The necessary measures have been taken at the user and organizational level of the South Savo Regional Council, and we are monitoring the situation. Finnish national agency, Traficom is aware of and supports our operations. A criminal report will be filed to Finnish police.

In order to investigate the incident, we requested and received information from the affected organizations, and the users of the target organizations were also in contact with us. Traficom has provided information and guidance on managing the situation. As far as we know, the malware's link has not worked properly, that is, the malware itself has apparently been neutralized earlier. Thus, the user accounts of the affected organizations may not have been compromised.

We still recommend checking the following with your own IT support: 
-possible unusual logins to Office services and to change affected users passwords.
-possible Outlook on Web -rules for e-mail processing. There should be no unknown transfer or processing rules for messages. 
-log data for e-mail messages sent from the organization by affected users for messages with the date 21.5. after 9:30 A.M. and DOCUSIGN is in the title. 

We have submitted a request for information to a third-party operator regarding their investigation, and we are also continuing our own investigation to find the point of entry of the malware.

More information:

Tuomo Laakso, ICT Manager
+358 44 284 1042