On January 30, Valtori, Finland's State Information and Communication Technology Centre, reported a large-scale data breach affecting its systems. Initially estimated to have impacted 20,000 employees, further investigation revealed that over 50,000 individuals working for the state had their mobile devices compromised. The breach underscores the vulnerabilities in state cybersecurity protocols and the challenges faced in responding to such incidents.

The cyberattack exploited two critical vulnerabilities found in the mobile device management software from the American company Ivanti. Specific details about how long these vulnerabilities were present remain unclear. Ivanti has since issued patches for its Endpoint Manager Mobile system, claiming that only a limited number of customers may have been affected. This incident highlights not only the immediate risk to personal data but also broader implications for national security and public confidence in government IT systems.

The vulnerabilities, designated CVE-2026-1281 and CVE-2026-1340, received the highest severity rating on a ten-point scale, indicating the potential gravity of the situation. Access gained by attackers could include sensitive gps data, raising further concerns about privacy and security across government operations. The incident serves as a wake-up call for enhanced cybersecurity measures and greater vigilance in protecting sensitive state information.