The person or persons who recently hacked the City of Helsinki's education division's database could have accessed the personal information of all compulsory school-aged children in the capital, of an estimated 150,000 of their parents or guardians, as well as of around 38,000 city employees.
Among the data possibly taken during the breach are the personal ID codes of children, parents and guardians, large numbers of addresses, and possibly the passport numbers of families with foreign backgrounds, but no phone numbers or email addresses.
The National Digital and Population Data Services Agency is advising anyone whose personal identity code may have fallen into the wrong hands to consider imposing blocks on the use of certain data.
What are the risks of data misuse?
Deputy Data Protection Ombudsman Annina Hautala says that the more data that falls into the hands of a malicious actor, the greater the risk of misuse. For example, addresses can be combined with other data, which can increase the potential for abuse.
According to Hautala, the misuse of personal identity codes is now more difficult thanks to the reform of the Data Protection Act at the turn of the year. It is no longer possible to prove identity using only a personal identity code, or a name and a personal code.
"It has been made more difficult to misuse a personal identity number, but unfortunately it is not completely impossible," she points out.
Hautala adds that the current Consumer Protection Act has made it more difficult to make online credit purchases using someone else's ID code. For these situations, online shops should have a system of strong authentication.
Hautala notes, though, that abuse can be possible if the perpetrator finds an online shop that does not properly identify the individual and allows the purchase to be made with credit.
Minimising the danger
To be on the safe side, you should not only impose limits on how your personal information can be used, but also monitor your account transactions to check for any unusual activity.
If your personal identity number has been stolen, you may want to consider filing a credit ban with the Tax Administration, The credit data management company Suomen Asiakastieto and Dun & Bradstreet. A guardian can also place a credit ban on a minor.
The Tax Administration's service is free of charge. The benefit of a credit ban is that it makes it more difficult to take out a loan, use a credit card or make purchases on installments with your data. If you take out a loan yourself, you will need a certificate of the credit ban.
To prevent a change of address notice from being issued, notify Posti and the Digital and Population Data Services Agency. This way, no change of address can be made in your name.
You can file a registration ban with the Finnish Patent and Registration Office (PRH), so that you cannot be registered as a person in charge of a company, association or foundation.
You can also place a ban on the disclosure of your contact details by your telecoms operator or by the Digital and Population Data Services Agency. This means that your contact details cannot be accessed by criminals, for example, but they also cannot be passed on to others, such as marketing companies, either.
Users with an Yle ID can leave comments on our news stories. You can create your Yle ID via this link. Our guidelines on commenting and moderation are explained here.