One of the Finnish Government ICT Centre (Valtori) MDM services was compromised.
-
One of the Finnish Government ICT Centre (Valtori) MDM services was compromised. Apparently the attacker(s) employed a vulnerability that did not have a security fix available at the time of the breach.
The attacker extracted at least name, email address, phone number and device information for the impacted users. Actual mobile devices have not been known to be targeted.
Valtori provides service to 77000 users. While not all of them had devices under the affected system, this is still quite concerning.
Source: https://valtori.fi/-/osassa-valtionhallinnon-mobiililaitehallintaa-tietomurto-hyokkaajan-toiminta-estetty (in Finnish)
-
This Ivanti Endpoint Manager Mobile (EPMM) security advisory seems to fit the timeline of the incident: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-CVE-2026-1281-CVE-2026-1340?language=en_US
-
Apparently more user information was actually leaked than initially estimated. The current estimates are around 50000 user accounts. This is due to the system not actually deleting the user account from the database when the user is deleted.
Source: https://valtori.fi/-/tilannepaivitys-30.1.-todetusta-mobiililaitehallinnan-tietomurrosta (in Finnish).
This btw makes the system not GDPR compliant.
-
@harrysintonen And still no indication of what MDM platform was compromised.