Swedish insurance company Folksam on Tuesday revealed that data on 1 million customers was inadvertently shared with third-parties.
Headquartered in Stockholm, the firm was established over a hundred years ago and is currently one of the largest insurers in Sweden. In 2001, the company sold the English subsidiary Folksam International.
The newly disclosed data security incident was identified during an internal audit. Immediately after discovering the issue, the company stopped the data sharing, contacted its partners to ask them to erase the data, and also informed authorities on the matter.
“We understand that this can cause concern among our customers and seriously point out what has happened. We immediately stopped sharing this personal information and requested to be deleted,” a Google Translate version of the company’s announcement reads.
The idea behind the data sharing, Jens Wikström, head of marketing and sales at Folksam, explains, was to provide customized offers to its users, but the operation was not performed correctly.
The company notes that the incident involves sensitive information that some of its customers might have shared, such as the type of insurance purchased and personal identity numbers (the equivalent of SSNs in Sweden). Folksam says it is not aware of the impacted data being improperly used by third parties.
The insurance company shared the sensitive information with Adobe, Facebook, Google, LinkedIn, and Microsoft. The purpose of the data was to analyze the information that users searched for on påfolksam.se, so as to provide them with customized offers.
Folksam also noted that this incident shouldn’t have happened and that it is working on ensuring that a similar data leak won’t happen again.