Taloyhtio.info suffered a cyber attack in March 2019. The data breach, which affected half a million Finns, was not only a business, communications and public relations crisis. It was also a serious security threat. How was the cyber crisis resolved?
Taloyhtio.Info is a property management and communication service between housing management companies, boards of housing companies and housing company shareholders. In March 2019, the service crashed unexpectedly in the middle of a hectic accounting period for housing companies. The outage immediately affected 150 property management companies managing around 8,000 Finnish housing companies with 300,000 to 500,000 residents.
It soon became clear that the outage was caused by a cyber attack. It had targeted a server hosted by the data center provider from which Taloyhtio.Info had purchased its server space. The situation escalated quickly: Finland's leading cybercrime investigation company was commissioned by the insurance company to investigate the server attack, and Mobimus, the company behind the Taloyhtiö.info service, got its tech team to launch countermeasures and a server data rescue operation. At the same time, customer service was flooded with queries related to the outage.
To best prepare for a battle that would be fought on multiple fronts, Mobimus called in one of Netprofile’s crisis communications consultants and her team.
Netprofile was given the responsibility of coordinating cyber crisis management and communications. In practice, this meant that Netprofile maintained situational awareness and liaised with various parties involved in the crisis. Netprofile was also authorized to decide on crisis management tactics and messaging between the different actors.
As the situation progressed, Netprofile monitored the technical investigation and service restoration activities, ensured that communication and cooperation with authorities were initiated and kept on schedule, and kicked off customer communication and public relations activities. Netprofile also discussed the measures and communication with a lawyer from the law firm Lexia. Cooperation with the police, the Data Protection Ombudsman and the Cyber Security Centre was also seamless.
When personal data is at risk, it is imperative to act within the tight deadlines set by GDPR. In this case, the challenge from both the legal and the communications perspective was that, even three days after the attack, forensic investigators were still unable to confirm what, if any, user data had leaked to the criminals.
Therefore, Netprofile decided to provide information as openly as possible to all parties involved – with a careful choice of words, of course. Both the property management companies and the users of the service were kept aware of the evolving situation. The media were informed about the data breach through an interview arranged with a sector-specific media outlet that could understand the technical complexity of the breach and report on it both appropriately and accurately.
The strategy was successful. The transparent approach cut off all speculation emerging on social media, and the online news published by Tivi, an IT-specialized media outlet, spread to other media such as Iltalehti and Talouselämä. Our chosen narrative penetrated all major media, and no further inquiries were received. Once the public relations angle was under control, we could focus on crisis management and customer communication.
The impacts of cyber crises are far-reaching, and Netprofile stayed on top of the situation for months – the last loose ends were tied up about a year after the cyber-attack. We can now conclude that our client's business survived the cyber-attack by international criminals. At the same time, the company's multi-stakeholder and multi-agency cooperation and crisis response capabilities were improved and developed.
Tuomas Saarelainen, CEO and Founder, Mobimus Oy / Taloyhtiö.info