- The Digital and Population Data Services Agency of Finland has published a website for victims of data breach and identity theft.
- The new site provides victims with advice and helps them with services such as credit ban.
- A leaked personal identity code and street address may be sufficient for making a fraudulent purchase in some online stores. The victim can prevent this by ordering a credit ban against themselves.
- Laws regarding identity theft should be updated. The Finnish financial sector has urged this since 2014.
The website was developed in cooperation with Finance Finland, Community Cyber Response Force, Competition and Consumer Authority, Consumers’ Union, Office of the Data Protection Ombudsman, Patent and Registration Office, Police of Finland, Posti, Suomen Asiakastieto, Transport and Communications Agency Traficom, and Victim Support Finland.
Last October, an attack on a Finnish psychotherapy company’s database led to the personal data of the company’s customers being extensively leaked on the Internet. The hackers also attempted to extort money in exchange for the data. The leak was widely covered by the media and highlighted the need for services for the victims. While this type of personal information is not enough to take out a bank loan, the criminal might succeed in taking out an instalment purchase, for example, or misusing the information in some other way.
”For the victim of identity theft, the only practical protection against fraud is to order a credit ban on yourself. It’s a rather drastic measure that shouldn’t be taken lightly, but it is a sensible decision to make if there is reason to suspect your identity has been stolen”, says Niko Saxholm, head of security and loss prevention at FFI.
Tighter regulation
When the identity theft section of the Criminal Code of Finland was last updated, Finance Finland lobbied for several tighter provisions. These proposals did not make it to the final code, however.
The financial sector proposed that the unlawful collection and possession of personal information would constitute identity theft, and that an aggravated form of identity theft would be recognised by law and be punishable with imprisonment. The sector also proposed that technical surveillance could be used in preliminary investigation.
“Data breaches are not likely to end in the future. The new online service for victims is a good start, but there is also an undeniable need to review the relevant legislation”, Saxholm notes.
Still have questions?
|Contact FFI experts
Looking for more?
Other articles on the topic