Front Page: NCSC-FI
Front Page: NCSC-FI

A data breach refers to unauthorized access to an information system, service or device or unauthorized use of an application, such as an email account, by means of acquired access codes. Carrying out a data breach is a punishable offence as defined in the Criminal Code, and an attempted data breach is also punishable. Just accessing a system without authorisation meets the definition of an offence and does not require using the target of the breach or the data it contains.

Protect against a data breach


Keep your software and systems updated

It is very important to install the latest system and device updates to protect against data breaches. Most software updates contain vulnerability fixes and should be installed soon after they are released. Vulnerable systems are always at greater risk of suffering a data breach.


Use multi-factor authentication

Multi-factor authentication refers to an authentication method that complements the use of a user ID and password in order to identify the user of the service. Examples of complementary authentication methods include disposable key number lists used in on-line banks and codes sent to mobile phones. An attacker who has got hold of a user ID and password must get access to the one-time access code for multi-factor authentication in order to succeed in a data breach.


Do not use the same passwords in several different services

Many of the services used on the Internet have been subject to major password leaks. Up to millions of username / password pairs have been leaked into the public domain. By using different passwords for each service, you can prevent extensive exploitation of leaked IDs. We recommend using password management software.


Remember to take backups

Make backup copies of key data and services. Keep backups separate from protected systems and data so that ransomware, for example, does not make backups unusable. Test restoring from backups regularly, for example, annually. This makes sure that the backups can be restored successfully and that the required system settings are backed up.


Over the past two years, the use of IDs obtained through phishing in the Outlook cloud email service, which is part of the cloud-based Office 365 environment, has become more common. Read our guide on how to protect your Office 365 environment from data breaches.

The purpose of carrying out a data breach is to gain a financial benefit. For example, secure data in systems has a financial value. An environment that has been breached can also be used to distribute harmful material, or the operation of the environment can be paralysed by ransomware. An attacker can use the breached environment as part of other attacks, for example in denial of service attacks.

When a hacked site is used to distribute harmful content, its reputation collapses. In that case, security software and search engines may add the site to a list of blocked sites, (blacklist). If an organisation's website has been placed on a blacklist, ordinary transactions with the organisation are blocked.

A data breach targeting a private person can be used for identity theft, for example, in which case someone else presents themselves as the person who was the target of the breach. A data breach can also be simply bullying. When a private person is the target of a data breach, he or she suffers from an ineffective system and personal information that has ended up in the wrong hands.

Data breaches cause financial and reputational losses to the target organisation. In addition, the organisation’s normal operations may be blocked for long time due to repairs or re-installation of the environment. Data breaches are also used for invoicing fraud in which case financial losses can be significant. The difference between regular CEO scams is that an invoice sent from a breached system comes from within the organization and therefore goes through the system more easily.

Do the following if you have been the target of a data breach


Report it

If you notice or suspect that you have been attacked, always report it to the Cyber Security Centre using a form (External link) or email (cert @ and report the offence (External link).

If, as a result of a data breach, the attacker has gained access to data that is protected or kept secret, this is a data leak. If you suspect that the leaked data contains other people’s personal data, this is a data protection violation that must be reported to the Data Protection Ombudsman (External link).


Isolate the targets of the breach

In the event of a data breach, the targets should be isolated from the rest of the environment in order to prevent further harm.


Change passwords / Lock IDs

Change the passwords used on the breached systems. Alternatively, you can lock the IDs used in the breached environment.


Verify logs

It is a good idea to ensure that logs during and before the breach are secured and not located in a breached environment, in which case the attacker may also be able to modify them.


Restore backups

Before restoring a breached system, make sure that the attacker no longer has access to the network. System updates must be made before restoring the environment from the backup copies. Additionally, make sure that the restored environment does not contain malware.


Remember communication

In large-scale data breaches, ensure that customers, partners and the public are informed.

If you suspect that your private account has been breached, change your password and any security questions to prevent unauthorized access to your account. Remember to change your password for other services, If you have used the same password as that in the breached service. It is also a good idea to check any recent updates made from a breached social media account as well as messages sent from a breached email account, if possible. In some situations, it is a good idea to notify contacts in a system that was the target of a data breach.