On Monday, June 10th, we discovered a security vulnerability in our member register. The vulnerability was identified by a student from South-Eastern Finland University of Applied Sciences, and we thank them for reporting it. The vulnerability allowed unauthorized access to the following information without logging into the system:
– Address
– Country of residence
– Phone number
– Student number
– Place of study and degree program
– Facial image
– Preferred language of communication (Finnish/English)
It is important to note that the vulnerability did not include name details or personal identification numbers. Currently, there is no evidence that any information has been leaked.
The student union purchases the member register service and maintenance as an outsourced service. The vulnerability was found in the outsourced system. The system provider was able to fix the vulnerability on Tuesday, June 11th.
According to the criteria of the Data Protection Ombudsman’s Office, the potential impact of the incident on registered individuals is minimal.
We are extremely sorry for what has happened. The security and privacy of our members are of utmost importance to us. We are doing everything we can to protect our members’ information now and in the future. If you notice any suspicious activity involving your information, more details on how to proceed can be found on the suomi.fi website: https://www.suomi.fi/guides/data-leak
If you have any questions or would like more information, please contact the Student Union’s Executive Director:
Sauli Sarjus
050 592 7482
sauli.sarjus@opiskelijakuntakaakko.fi