Advice and guidance for victims of data breaches

On this page, victims of identity theft or data breaches will find up-to-date advice and guidance, with links to helpful information published on the websites of authorities and other organisations. The site is constantly updated.

First steps for victims of the Vastaamo data breach


If you suspect that you may have fallen victim to the data breach, or if you received an extortion message, take the following steps:

Take care of yourself

  • Don't panic. It is possible that not all of the kinds of personal data discussed in connection with the data breach were leaked in your case. You are not alone, and help is available.
  • If you have an ongoing treatment relationship with a healthcare professional, contact your doctor or therapist and arrange further treatment. It is important to ensure that ongoing treatment continues.
  • If you need treatment, contact the emergency social and crisis services or municipal health centre of your municipality of residence.

Collect evidence

  • If you have received an extortion message, take a screenshot of it and save it on your computer for a future investigation. Also make sure to keep the original message.

Do not pay the demanded ransom or otherwise communicate with the extortionist

  • Paying the ransom helps perpetuate criminal activity. There are no guarantees that the cyber criminal will stop extorting you or refrain from publishing your personal information even if you pay the ransom.
  • Do not communicate with the extortionist. It is probable that the information has already been leaked.

File a report with the police regarding the data breach and/or extortion

Consider the following when filing a report of an offence:

  • Include the word “Vastaamo”.
  • Mention to whom the possible extortion message was addressed.
  • If your personal data has leaked and you know where it may have been published, include this information.
  • Include information on any ransom demands, the stated method of payment and account number(s).
  • Mention whether you have paid any demanded ransom.

Please use the Net tip service offered by the police if you have any other information concerning this crime

Notify the National Cyber Security Centre Finland (NCSC-FI) of the information security breach

Apply for a personal credit ban (it can also be applied for on behalf of underage people)

  • This prevents anyone from taking out credit in your name. In Finland, credit registers are maintained by Suomen Asiakastieto Oy and Bisnode Finland Oy.
  • Underage people cannot take out loans in their own name, reducing the risk of misuse. There are no legal impediments to applying for a personal credit ban (‘oma luottokielto’) for an underage person.
  • Suomen Asiakastieto Oy credit ban (External link)
  • Bisnode Finland Oy credit ban (External link)
  • Vastaamo will reimburse victims of the data breach for the cost of the Tietovahti service, which informs its users of requests made to check their creditworthiness, and of Asiakastieto’s personal credit ban. More detailed instructions are available on the Vastaamo website (External link).

Apply to Posti for a free-of-charge ban on address changes

Apply to the Finnish Patent and Registration Office for a free-of-charge registration ban

  • A registration ban helps prevent anyone from using your personal data to designate you as the responsible person of a company in the Trade Register, for example.

Change your password and enable two-factor authentication

  • Ensure that all of your passwords are sufficiently long.
  • Use two-factor authentication.

Review the terms of your insurance contracts

  • Certain providers’ home insurance plans include limited legal assistance for victims of identity theft. You may have the right to compensation under the General Data Protection Regulation.

File an inspection request with Vastaamo regarding your personal data

  • Under the General Data Protection Regulation, you have the right to know what personal data Vastaamo has stored on you.
  • Contact Vastaamo directly via the inspection request form (External link) on the Vastaamo website (to be translated).

Have your information removed from any billing services and place a ban on their use

  • Billing services such as Klarna may allow the purchase of products by invoice with very little personal information required. You can ask the billing service to delete your information on the basis of the “right to be forgotten” provided by the General Data Protection Regulation.
  • The contact details of billing services can generally be found on their websites (e.g. in the privacy statement).

Contact your operator to hide your mobile subscription information

  • You can have your telephone subscription information hidden in your operator’s e-services or by contacting your operator. It will usually take a few days for the information to be updated in directory assistance systems.

Ask that your information be removed from search engine results

When the most important steps have been taken, you may also want to consider the following:

      The above advice is based on a checklist published by the Community Cyber Response Force for those victims of the data breach who were Vastaamo customers before 2019.

      The detailed checklist for the victims of the Vastaamo data breach (External link) is also available in English.

      Questions and answers for those whose information has leaked online


      Vastaamo is currently working with a number of authorities. In compliance with its obligations under relevant data protection legislation, Vastaamo will inform all customers whose data has been targeted by the information security breach.

      What should I do if my personal data has leaked online?

      Victim Support Finland

      Victim Support Finland provides help and support for the victims of the Vastaamo data breach and their loved ones.

      Office of the Data Protection Ombudsman

      Community Cyber Response Force

      The Community Cyber Response Force is a volunteer organisation formed by approximately 30 Finnish cyber security experts, which helps providers of critical services resolve and prevent cyber threats.

      Mannerheim League for Child Welfare

      If you are experiencing anxiety, fear or sadness, you can also contact the Mannerheim League for Child Welfare. You can seek help anonymously. Your references won't be recorded.

      Who can help? See below for organisations providing assistance

      MIELI Mental Health Finland

      Ministry of Social Affairs and Health

      Municipalities’ emergency social and crisis services

      • Emergency telephone numbers accept calls 24/7.
      • The calls and services are free of charge.
      • For contact details, see the website of your municipality of residence.
      • You can call the emergency social and crisis services if you are experiencing anxiety, fear or sadness. They can also help you assess your need for other services or crisis assistance.
      • If you need longer-term support, they can direct you to other municipal services.
      • You can seek help yourself, or a loved one can do it on your behalf.

      Are you in need of telephone or chat counselling?

      • For a list of organisations providing counselling services, see the “Find Help” page on this website.