Information security now!
This week we will talk about what you can do if your personal data gets into the wrong hands. As scammers do not rest even during summer, we will also remind you about scam messages sent under Traficom’s name.
Tällä viikolla katsauksessa käsiteltäviä asioita
What can I do if my personal data falls into the wrong hands?
When falling into the wrong hands, personal data may cause a wide range of harm, including identity thefts, reputational damage, fraud, property offences or other inconvenience. News about data breaches and new data leaks are published constantly. It is useful to familiarise yourself with protecting your personal data and avoiding damages in advance, before any accidents happen.
Various registers and databases contain information, some of which is personal data. If the information has been recorded in an information system, it is also possible to steal it in a data breach. Protecting and securing the data is the responsibility of the controller. Data that have been stolen and fallen into the wrong hands can be used to cause a great deal of harm to the data subject. The more sensitive the data, the more damage leaking them may lead to and the more securely the data should be stored.
Address data, name data, patient records, contact details, education and training details, property information, licence information, passport number, personal identity code, hobbies, customer relationships, shareholdings and even shoe sizes are in some way personal data. However, not all of them need to be treated equally seriously and kept locked up. Nevertheless, when they are all combined, they form a significant collection of personal data that may cause inconvenience when misused.
Have you been subjected to a data breach or a data leak? Has your personal data been misused?
These guides tell you what you should do if your personal data has fallen into the wrong hands. The guides provide advice to victims of data breaches and data leaks and help you if you have been subjected to an identity theft or have lost your passport or identity card, for example.
New scams threatening with a fine again
In the past few months, a lot of text message scams threatening with a fine have been fabricated in the name of the Transport and Communications Agency Traficom. In yet another scam campaign, an overdue invoice is sent, threatening with enforcement unless the recipient pays the invoice. This time, the scam messages pretend to come from Trafi. Perhaps all the variations of the agency’s current name have already been used as the scammer has returned to the name of the Finnish Transport Safety Agency, the operation of which ended five years ago.
Similar phishing for online banking codes can be found behind the invoice scam as in previous scam attempts. A website made to look like the Suomi.fi login page is phishing for online banking codes with the intention of using them to withdraw money from the bank account.
Cyber weather for July has been published
Cyber weather for July was slightly calmer than in the previous months. Significant events still took place in July, such as the update of the CrowdStrike data security product, which caused large-scale disruption across the world. As for scam messages, tax return -themed messages started to become more common again towards the end of the month, anticipating the tax returns due at the beginning of August.
In July, the summer continued calmer than usual in terms of cyber weather. With regard to data breaches, the reports received by the Cyber Security Centre on data breaches during the summer fell by half compared with the beginning of the year. The impacts of reported denial-of-service attacks on services have also been non-existent.
On the other hand, a globally significant data security incident was experienced in mid-July when an update of the CrowdStrike data security product caused a disruption that prevented Windows devices using the product in question from starting up. The disruption caused outages in several services globally, affecting payment traffic, air traffic, train traffic, health care and media houses, among others. Some organisations in Finland were also affected by the situation either directly or indirectly through the supply chain.
Cyber weather for July also includes the TOP 5 threats that are updated quarterly. This time, two new themes have been highlighted because of their topicality: ransomware or protection of the telecommunications infrastructure. However, it is good to remember that the themes which were excluded, i.e. the threat level that has remained elevated and cyber security experts, have not lost their importance. There are a wide range of different significant threats in the cyberworld. Often, the TOP 5 threats are also mutually linked, and it is therefore not meaningful to put them in a specific order of priority.
Recently reported scams
In this summary, we provide information about scams reported to NCSC-FI during the past week.
WHAT TO DO IF YOU GET SCAMMED
- Immediately contact your bank if you have made a payment based on a scam or a criminal has gained access to your online banking service or got hold of your payment card information.
- File a police report. You can file a police report online. (External link)
- You can also report the incident to the NCSC-FI. (External link)
- Instructions for victims of data leaks (External link)
Learn how to detect and protect yourself against online scams
About the weekly review
This is the weekly review of the National Cyber Security Centre Finland (reporting period 2–8 August 2024). The purpose of the weekly review is to share information about current cyber phenomena. The weekly review is intended for a wide audience, from cyber security specialists to regular citizens.