During regular self-monitoring, Posti discovered a weakness in the application component, which is responsible for transmitting the data of the contact and service request forms on the posti.fi website. About ten thousand forms are sent through the site per month.
We noticed a weakness on 28 March. It was fixed immediately on the same day and thus the forms on our site can be safely used.
We want to clarify that the recent weakness identified on our website did not provide access to any complete database. Rather, it allowed access only to the data currently stored in the cache of the data transfer component. Typically, no more than twenty forms are stored in the cache at any given time. As a result of the weakness, queries could have been made to the application component responsible for processing forms. However, based on our log data, we have found only random queries to the component, with no indications of systematic data collection.
We regret to inform you that, despite our best efforts, we have been unable to completely rule out the possibility of abuse resulting from the weakness. After conducting a thorough internal investigation, we now have sufficient information about what transpired to allow us to contact our customers, as required by the EU data protection regulation.
We are sorry for the incident. We take data security and protection very seriously and will continue to investigate the matter with the authorities. We have reported the incident to The Office of the Data Protection Ombudsman.