Two men sentenced for security breach of OmaPosti service in Finland

Two men in their twenties have been sentenced to conditional imprisonment for their involvement in a security breach of the OmaPosti service in Finland. Between late 2019 and early 2020, the pair devised a method to access the OmaPosti accounts of Finnish users by utilizing a specialized cyber-attack program. The breach enabled them to gain control over numerous accounts, which they exploited to generate fraudulent invoices.

Additionally, they misused stolen personal and banking information to order taxi rides and make clothing purchases. Their criminal activities came to light relatively quickly, leading to their prosecution.

In court, the primary defendant, born in 2000, received a sentence of one year and eight months of conditional imprisonment after being found guilty of serious data breaches, various frauds, and attempted frauds. He contended that he should only be charged with a lesser form of data breach but denied the allegations of serious wrongdoing. The court deemed the act particularly egregious due to its targeting of a significant public service, which caused considerable harm and aimed at achieving considerable financial gain.

The second defendant, born in 1999, received a shorter sentence of eight months of conditional imprisonment, reflecting his lesser involvement. He claimed to have merely provided his account number for the primary defendant’s use, a defense that the court did not accept. Evidence showed he had shared stolen personal information with the main defendant and played a role in the breach. The decision is not yet final, as there is a possibility of appealing to a higher court.