Swedish insurance company Folksam on Tuesday revealed that data on 1 million customers was inadvertently shared with third-parties.
Headquartered in Stockholm, the firm was established over a hundred years ago and is currently one of the largest insurers in Sweden. In 2001, the company sold the English subsidiary Folksam International.
The newly disclosed data security incident was identified during an internal audit. Immediately after discovering the issue, the company stopped the data sharing, contacted its partners to ask them to erase the data, and also informed authorities on the matter.
“We understand that this can cause concern among our customers and seriously point out what has happened. We immediately stopped sharing this personal information and requested to be deleted,” a Google Translate version of the company’s announcement reads.
The idea behind the data sharing, Jens Wikström, head of marketing and sales at Folksam, explains, was to provide customized offers to its users, but the operation was not performed correctly.
The company notes that the incident involves sensitive information that some of its customers might have shared, such as the type of insurance purchased and personal identity numbers (the equivalent of SSNs in Sweden). Folksam says it is not aware of the impacted data being improperly used by third parties.
The insurance company shared the sensitive information with Adobe, Facebook, Google, LinkedIn, and Microsoft. The purpose of the data was to analyze the information that users searched for on påfolksam.se, so as to provide them with customized offers.
Folksam also noted that this incident shouldn’t have happened and that it is working on ensuring that a similar data leak won’t happen again.
Related: Britain Fines US Hotel Chain Marriott Over Data Breach
Related: Law Firm Says Google Employee Information Compromised in Data Breach
Related: Freepik Discloses Data Breach Impacting 8.3 Million Users
Related: Warner Music Discloses Data Breach Affecting e-Commerce Websites
More from Ionut Arghire
- New York Attorney General Fines Vendor for Illegally Promoting Spyware
- 20 Million Users Impacted by Data Breach at Instant Checkmate, TruthFinder
- Florida Hospital Cancels Procedures, Diverts Patients Following Cyberattack
- Former Ubiquiti Employee Who Posed as Hacker Pleads Guilty
- Atlassian Warns of Critical Jira Service Management Vulnerability
- Exploitation of Oracle E-Business Suite Vulnerability Starts After PoC Publication
- Google Shells Out $600,000 for OSS-Fuzz Project Integrations
- F5 BIG-IP Vulnerability Can Lead to DoS, Code Execution
Latest News
- Comcast Wants a Slice of the Enterprise Cybersecurity Business
- Critical Baicells Device Vulnerability Can Expose Telecoms Networks to Snooping
- New York Attorney General Fines Vendor for Illegally Promoting Spyware
- SecurityWeek Analysis: Over 450 Cybersecurity M&A Deals Announced in 2022
- 20 Million Users Impacted by Data Breach at Instant Checkmate, TruthFinder
- Cyber Insights 2023 | Zero Trust and Identity and Access Management
- Cyber Insights 2023 | The Coming of Web3
- European Police Arrest 42 After Cracking Covert App
