Skip to content

This website uses Google Translate.

Contact

The music institute's student information system has had too broad access rights

3.2.2026 News Privacy Policy Kankaanpää Music Institute Security

The Riihimäki City Music Institute's Eepos student information system has had excessively broad user rights. The matter came to light in connection with the music institute's daily operations. The excessively broad user rights were disabled immediately after the matter was discovered, on Thursday, January 22, 2026.

The overly broad access rights allowed an employee logged into the system with administrative credentials to view all of the information of any user in the system. In addition to the student's personal information, the student administration system contains, for example, the student's guardian's information and contact information, as well as information about teaching groups, assessments, and matters related to the organization of teaching. Such broad access rights are now limited to specifically designated persons for use by the music institute's administrative personnel.

There is no information on abuse.

The city is currently not aware of any attempts to exploit the information security vulnerability resulting from overly broad user rights for improper purposes.

The city's data protection officer filed a data breach notification with the Office of the Data Protection Ombudsman on the same day. An organization must file a notification with the Office of the Data Protection Ombudsman when there is reason to suspect that personal data has been processed in violation of data protection regulations, even if no abuse is suspected.

"We take personal data breaches seriously. Fortunately, the city has an operating model for such situations, which was launched immediately after the matter became known," says Minni Ilmonen, principal of the music institute.

The city is not currently aware of any misuse of the data. If you suspect that a security vulnerability resulting from overly broad access rights has been misused, please contact the city's data protection officer by email. privacy@riihimaki.fi or by phone 050 523 7304 (calls only).

Contact information

Ilmonen Minni

Principal of adult education center and Art Basic Education

Education and welfare

Office at the adult education center (room 209), Puistikko 5. Make an appointment in advance.

Archive of categories: News

Keywords: Privacy Policy , Kankaanpää Music Institute , Security ,

All articles: Latest news