Credit register extracts requested from the Positive Credit Register without relevant grounds

News updated on May 17, 2024, with a clarification that only the software API of the lender in question has been closed.

The Positive Credit Register checks whether any abuse has taken place when registered data is retrieved.

According to current knowledge, a data breach was targeted at software used by a lender, as a result of which credit register extracts were requested from the Positive Credit Register without relevant grounds. No data breach was targeted at the Positive Credit Register.

As a precaution, the software API for the lender in question has been closed temporarily. We are currently investigating the number of customers the incident concerns.

Personal identity codes phished as a result of previous data breaches targeted at other organisations were possibly used in the data breach.

The Finnish Tax Administration’s Incomes Register Unit, which maintains the Positive Credit Register, is currently conducting a thorough investigation of the incident. If required, the Incomes Register Unit will also cooperate with other authorities, including the Data Protection Ombudsman and the Police of Finland.

The use of the Positive Credit Register is supervised and monitored at all times, and any suspicious activities will be reacted to. The Incomes Register Unit may block a certain party’s access to registered data either temporarily or permanently.

Citizens can access their registered data and view the credit register extracts requested about them in the Positive Credit Register’s e-service. There, users can also set a voluntary credit ban for themselves free of charge.

If you have not applied for credit but you still notice in the register that a credit register extract has been requested about you, call our customer service.