Breach Report Policy

1 Introduction

Definition

Our breach report policy is a part of our transparency policy of our operation. It is our principle to provide our customers and visitors chance to know how we operate in the situation of the breach or in the attempted breach to our system. This document will describe how our operation proceeds.

Notification

Our principle is to keep this document up to date and to provide exemplary explanations of our operations, but in some cases, to provide the most secure operations to the user, our staff may in the case of emergency skip certain steps introduced below to ensure safety of our visitors, users and customers.

2 In the event of breach

Primary actions

In the very case of attempted breach or a breach to our system, our staff will follow these security procedures

  • Take affected systems offline fully
  • Block all the sources and individuals hehind the breach, secure the system and all user data
  • Locate the method and reason of the breach, secure the all user data
  • Take actions to ensure safety of the user accounts, such as, automatically update all user passwords to new random password which user can change later on
  • Call on the critical security meeting of the system operators

Secondary actions

After securing our system, our staff will follow these security procedure

  • Immediatly contact to all customers to what breach affects and report the event to them, encouraging to check and secure their data
  • Immediatly report to local information comission Finnish Communications Regulatory Authority (FICORA) of the breach
  • Immediatly contact proper authorities, such as local law enforcement about the breach
  • Consult the system operating team and conclude the reasons of the breach and procedures to ensure it will not take place again

Post-breach actions

After the breach has been stopped, and users as well as proper authorities have been informed, our staff will follow these security procedures

  • Redefine and optimize any needed systems, consult security professionals and make full system-wide check
  • Check-and-confirm that any secondary systems have not been affected and the system is fully safe to return to online
  • Consult proper local authorities for any additional needed information or actions
  • Return the secure system back online safely
23.04.12.272