Mobile device management data breach: no new information on compromised data

The data breach does not affect all of Valtori’s customer organisations, nor devices or services within the security network of the security authorities.

Valtori continues active cooperation with the authorities in investigating the data breach detected on 30 January in its mobile device management service. Valtori does not comment on matters related to the police pre-trial investigation. Nor can Valtori comment on the situation of individual customer organisations.

At this stage, Valtori’s investigations have not revealed any new information regarding the compromised data beyond what has already been communicated. Data stored on mobile devices has not been compromised. The data breach does not affect all of Valtori’s customer organisations, nor devices or services within the security network of the security authorities. Within the affected service, the security authorities had certain user account details related to services in the public network.

The attacker exploited a vulnerability in a third-party software solution used by Valtori, for which no security update was available at the time of publication on 29 January. Valtori implemented a fix immediately on Thursday afternoon, 29 January, after the patch was released, and subsequently prevented further malicious activity by isolating the mobile device management service from the network. As previously communicated, the compromised data consists of personal and contact information processed in the management service, country-level location data, and device-related information (including data on applications installed on devices).

We have provided updates on the situation on our website.