Viking Line data breach linked to international hacker group, police investigation underway

A data breach affecting ferry operator Viking Line has been traced to an international hacker group, according to a cybersecurity firm involved in the case. Finnish police have launched a criminal investigation into the incident, which exposed customer data.

Digitalist Experience, a subcontractor and system provider for Viking Line, reported the breach to authorities. The company’s CEO, Jussi Hermunen, told Finnish broadcaster Yle that the attack was carried out by professional hackers who spent days infiltrating the system.

“This was not an opportunistic breach—it was a targeted, prolonged effort,” Hermunen said. The hacker group has been linked to previous high-profile cyberattacks, including a recent intrusion into Swedish IT firm CGI’s systems, which are used for citizen authentication via bank credentials.

Hermunen suggested the group’s motives likely include financial gain through extortion and notoriety. “They don’t know in advance what data they’ll obtain, but they hope for something valuable,” he added.

Viking Line has not confirmed whether a ransom demand was made. Last week, the company’s communications director, Christa Grönlund, told Ilta-Sanomat that no demands had been received. On Monday, Viking Line declined further comment.

The breach exposed personal customer data but not payment details or national identification numbers, according to the company. Affected customers—estimated at 0.1–0.2% of Viking Line’s total client base—have been notified. While the company has not disclosed exact numbers, earlier reports suggested thousands may be impacted.

“This represents a very small portion of our customers,” said Viking Line’s communications manager, Johanna Boijer-Svahnström.

The Helsinki Police Department is investigating the case under Finland’s data breach laws.