Update on the mobile device management data breach identified on 30 January

Publication date 5.2.2026 16.55 | Published in English on 6.2.2026 at 13.00
Type:Press release
Photo: Valtori

Valtori identified a data breach on 30 January 2026 in the mobile device management service it provides. The attacker gained access to information used in operating the service, including names, work email addresses, phone numbers, and device details. A user’s precise location cannot be determined based on this data. According to current information, no data stored directly on the mobile devices themselves has been compromised.

During the investigation on the afternoon of Thursday, 5 February, it became evident that the scope of compromised data is significantly broader than previously assessed. Earlier estimates indicated that user data related to approximately 20,000 devices had been compromised. In light of new findings, the incident may involve a substantially larger number of users of the Government’s shared ICT services (approximately 50,000).

Investigations have shown that the management system did not permanently delete removed data but only marked it as deleted. As a result, device and user data belonging to all organizations that have used the service during its lifecycle may have been compromised. In certain cases, a single mobile device may have multiple users.

Valtori operates several different management systems, and the situation does not affect all customer agencies, nor does it involve devices connected to the secure network used by security authorities. The investigation is still ongoing, and we will provide further updates as more information becomes available.

Root cause: a zero-day vulnerability in the mobile management solution

The attacker exploited a vulnerability in a commercial software product used by Valtori. When the vulnerability became public on 29 January, no security patch was yet available. Valtori installed the corrective update immediately on the afternoon of Thursday, 29 January, once it was released, and later stopped the attacker’s activity by isolating the mobile device management service from the network.

Valtori maintains preparedness for various cyber threat situations through 24/7 monitoring, active cooperation with authorities, technical detection and protection measures, and regular exercises. Cyber threat situations are handled in accordance with strictly defined information security processes and detailed, continuously updated operational guidelines.

Valtori’s customers are government agencies. The Finnish central government employs approximately 77,000 people (tutkihallintoa.fi).

We will update this news item as needed with the latest information.

Further information

Director General Hannu Naumanen, [email protected]
 
News

More information on Valtori

Take a closer look at our operations.

Subscribe to publications

Subscribe to Valtori’s news and blogs via your email.