Cyber Incident Victim: Finnish Transport and Communications Agency

On September 7, 2023, the Finnish Transport and Communications Agency (Traficom) experienced a distributed denial-of-service (DDoS) attack targeting its public-facing websites. The attack caused widespread service disruptions, rendering Traficom's online platforms inaccessible to users. The agency confirmed the incident via a social media post on X (formerly Twitter), stating its websites had been under active attack throughout the day. Service interruptions prevented public access to critical digital services, including vehicle registration data and driver's license information systems. While core regulatory functions like license issuance continued offline, the outage impeded citizens' ability to verify transportation-related records. Traficom acknowledged the attack's impact on service availability but did not disclose technical details regarding attack vectors, traffic volume, or duration.

Traficom immediately activated countermeasures to mitigate the attack and restore services. The agency's crisis response prioritized minimizing downtime, though no specific restoration timeline was provided. Traficom's Director General publicly addressed the incident, noting such attacks occur frequently against various organizations and emphasizing the importance of filing police reports to improve threat intelligence. The agency republished existing guidance highlighting the routine nature of DDoS incidents across sectors. No data breach or system compromise was reported beyond the temporary service unavailability. Traficom issued a public apology for inconvenience caused but maintained operational continuity for essential regulatory duties unaffected by the web service disruption.