Data breach affecting clients of Transport Services

The data breach occurred during eight days between 4 July and 24 October 2021 when a former employee of FCG Smart Transportation Oy logged in to the Transport Services system after their employment relationship had ended. This was possible because FCG Smart Transportation Oy had not deactivated the person’s user ID. The person did not systematically search for clients’ information, but the person did some random searches and opened some bookings and client profiles.

The person was able to see information entered into the clients’ profiles for transport purposes, such as names, addresses, personal identity codes and other information needed for organising transport services.

FCG Smart Transportation Oy has briefly discussed the matter with the person who searched for client information. The person has told that they were the only one who used the user ID. According to the person, their reason for logging in to the system was curiosity.

After the data breach was detected, FCG Smart Transportation Oy immediately deactivated the former employee’s user ID and checked all other IDs currently used within the system. No other similar transactions or active user IDs were found.

The City of Espoo has reported the breach to the police. Clients affected by the data breach can also submit a report of the offence to the police.

“We take all data breaches involving the city’s services very seriously. What makes this case especially serious is that the breach involves our clients’ personal data. We have reported the case to the police, but we have also demanded an explanation from FCG Smart Transportation Oy as to why the person’s user ID had not been deactivated and how the company will prevent similar occurrences in the future,” says Anu Autio, Manager of Disability Services.

• Anu Autio, Manager of Disability Services, City of Espoo
  tel. +358 43 8259890, anu.autio@espoo.fi
• Kari Sirviö, Logistics Director, City of Espoo,
  tel. +358 50 5810906, kari.sirvio@espoo.fi