Finnish dairy company Valio reports data breach exposing 5K people

Valio, Finland's major dairy company, is reporting a data breach that exposed sensitive personal information of over 5,000 individuals.

The incident, discovered on December 12, 2024, occurred through compromised user credentials at Vincit, Valio's IT service partner. According to Julius Manni, Vincit's CEO, this incident was part of a broader attack that affected ten of their clients in total, though Valio appears to be the most significantly impacted.

Initially believed to be a ransomware attack aimed at disrupting operations, subsequent investigation revealed that the attackers had accessed and stolen sensitive files. The exposed data includes:

• Names
• Personal identification numbers
• Salary information
• Bank account details
• Additional Sensitive Data:
• Pension fund details affecting approximately 1,000 insured individuals
• Health-related information tied to benefit processing

Valio has notified all potentially affected personnel, established a dedicated telephone service for affected individuals and reported the incident to law enforcement, Finland's data protection authority, and Traficom.