Data protection procedures of dozens of online services to be checked
Data break-in cases that make it into public are only the tip of the iceberg
The data protection of dozens of Finnish websites is going to be examined.
Finland's Data Protection Ombudsman Reijo Aarnio has asked 70 system administrators to explain how they protect the data of the users of their sites. Most of the system administrators are businesses, but a few public sector players are also included.
The examination focuses on sites that experienced a data security breach or at least such a threat last year. The websites in question have been chosen through random selection from a larger number of sites.
The aim of the undertaking is to find out if the service providers have introduced improvements to their data protection systems and if the handling of people’s personal data is in accordance with the law.
In the data leaks towards the end of last year, the personal data of around 600,000 Finns was compromised. The targets of such attacks included at least car dealership, travel, and health related websites.
According to Aarnio, the data system break-ins that make it to the public domain are only the tip of the iceberg.
“They happen all the time”, Aarnio says.
In Aarnio’s view, it seems that not enough technology is utilised in developing data protection systems and there is not enough knowhow.
Last year’s large data break-ins utilised primarily the so-called SQL injection attacks plus other hacking methods alongside them. SQL (structured query language) is a commonly used computer language developed to create, modify, retrieve and manipulate data from databases.
According to Erka Koivunen, head of the data security unit at the Finnish Communications Regulatory Authority (FICORA), such attacks could be prevented relatively easily.
“Careful coding and check-ups should prevent such attacks”, Koivunen reckons.
Koivunen agrees that last year only a fraction of all the Internet service data break-ins in Finland made headlines in the public media.
“While just a handful of cases were talked about in public, hundreds of similar incidents came to our attention.“
Previously in HS International Edition:
Data leak - Anonymous hackers disown claim of responsibility made in their name (8.11.2011)
Personal information of 16,000 people put on internet in Finland´s largest ever data leak (7.11.2011)
300,000 Finns affected by PlayStation hack (29.4.2011)
Data Protection Ombudsman