Data breach in part of central government mobile device management – attacker activity stopped

Publication date 3.2.2026 14.30 | Published in English on 5.2.2026 at 15.13
Type: Press release

Valtori identified a data breach on 30 January 2026 in the mobile device management service it provides. The breach concerns configuration and user data related to approximately 20,000 government mobile devices.

The attacker gained access to information used in operating the service, including names, work email addresses, phone numbers, and device details. A user’s precise location cannot be determined based on this data. According to current information, no data stored directly on the mobile devices themselves has been compromised.

Valtori informed its customer organizations’ information security and other key contact persons about the situation on 30 January 2026 in accordance with its information security incident management process. These organizations have, in turn, communicated the matter internally. Valtori has also filed a police report and continues to investigate the incident in cooperation with the police and the Kyberturvallisuuskeskus. As the investigation is ongoing, we are not assessing the perpetrator or motive at this stage.

Root cause: a zero-day vulnerability in the mobile management solution

The attacker exploited a vulnerability in a commercial software product used by Valtori. At the time the vulnerability became public on 29 January, no security patch was yet available. Valtori installed the corrective update immediately on the afternoon of Thursday, 29 January, once it was released, and subsequently stopped the attacker’s activity by isolating the mobile device management service from the network.

Valtori maintains preparedness for various cyber threat situations through 24/7 monitoring, active cooperation with authorities, technical detection and protection measures, and regular exercises. Cyber threat situations are handled in accordance with strictly defined information security processes and detailed, continuously updated operational guidelines.

We will update this news item as needed with the latest information.

Update 4 February 2026

Valtori’s customers are government agencies. The Finnish central government employs approximately 77,000 people (tutkihallintoa.fi). The data breach affects those customer agencies whose employees’ mobile devices are managed through the mobile device management service. Valtori operates several different management systems, and the incident does not affect all customer agencies, nor does it involve devices connected to the secure network used by security authorities. In some cases, a single mobile device may have multiple users.

Further information

Director General Hannu Naumanen, [email protected]
 
