Information security deviation in Tuudo

On Tuesday, 15th of October during the afternoon there was an unfortunate error in the Tuudo mobile app. Error caused a breach of information security for one student. What happened was an unintended exposure of information, caused by a human mistake. The error was identified immediately, and it was fixed within two minutes of the occurrence.

On Tuesday, 15th of October during the afternoon there was an unfortunate error in the Tuudo mobile app. Error caused a breach of information security for one student. What happened was an unintended exposure of information, caused by a human mistake. The error was identified immediately, and it was fixed within two minutes of the occurrence. 

During those two minutes, 67 users in Tuudo may have been able to see one student’s timetable and transcript of studies. In addition, 11 users may have been able to see this students’ student card, however with their own photo. The transcript of studies is a public document, and the student card does not contain confidential personally identifiable information, and even though the incident is unfortunate, its effect on the information security of the affected person remains minor.

The information security of students is extremely important to both the University of Oulu, and to Tuudo. The incident was handled with due seriousness and immediate action. The affected student has been personally informed with detailed information about the incident. The University of Oulu has voluntarily notified the Office of the Data Protection Ombudsman, in spite the minority of the effects to the data subject.

In order to prevent similar errors in the future, the relevant improvements in Tuudo have been completed.

Please see the data privacy notice of the University of Oulu for more information about data safety of the students.

Last updated: 18.10.2019