Cyber Incident Victim: Etelä-Savon ammattiopisto
Date:
Nov 2023
Location:
Finland
Summary
A Finnish vocational school experienced a cyberattack disrupting online classes and necessitating the shutdown of network and server systems, though in-person teaching continued partially. The institution collaborated with internal and external experts to investigate the incident, reporting it to data protection authorities, the national cybersecurity center, and police. Initial assessments indicated no evidence of personal data leakage. Systems including cloud services and educational platforms were restored within days, allowing normal operations to resume, although payment systems remained non-functional, requiring temporary cash-based solutions. Information sessions were conducted for students, and regular updates were provided via the school's website and communication channels.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On November 16, 2023, Etelä Savo Esedu, a vocational college in Finland, experienced a cyber attack that forced the immediate shutdown of its network and server connections. The institution disabled all information systems, including email, Microsoft cloud services, and educational platforms like Wilma and Kippo, rendering online teaching impossible. Physical classes continued with limited disruptions, though staff and students were instructed not to power on Esedu-issued computers. Communication channels were severely restricted, prompting the college to establish an SMS hotline (044 711 5511) for inquiries and commit to providing twice-daily updates via its website and social media. By November 17, external cybersecurity experts joined internal IT staff to investigate the attack's origin and scope, while authorities including the National Cyber Security Centre, Data Protection Ombudsman, and police were formally notified. Initial assessments found no evidence of personal data leaks affecting students or staff.
The college restored partial functionality by November 19, confirming the safety of student and staff documents while reactivating Microsoft cloud services, Wilma, and Kippo to enable online studies. Full teaching operations resumed on November 20, though minor system instabilities persisted and payment systems remained inoperative—forcing campus cafeterias in Mikkeli to implement manual purchase tracking and prioritize cash transactions. A November 21 Teams briefing for students addressed the attack's aftermath and school health survey results, with administrators reiterating normal service restoration except for payment processing. By November 28, all systems except payment infrastructure were operational, with the college confirming no further disruptions to academic activities. Throughout the incident, Esedu coordinated with other vocational institutions for support and maintained transparency through 14 public bulletins detailing containment progress and temporary operational adjustments.