Sweden Sweden

Trygg-Hansa

3,000,000 €

GDPR enforcement action by Data Protection Authority of Sweden on 2023-08-28.

Rank · Sector
#12
of 322 in Finance, Insurance and Consulting
Rank · Sweden
#4
of 46
Rank · All fines
#101
of 3,051

Case details

Authority
Data Protection Authority of Sweden
Date
2023-08-28
Controller / Processor
Trygg-Hansa
Sector
Finance, Insurance and Consulting
Quoted Articles
Art. 5 (1) f) GDPR, Art. 32 (1) GDPR
Type of violation
Non-compliance with general data processing principles

Summary

The Swedish DPA has fined Trygg-Hansa EUR 3 million for serious data security breaches. The security breach was discovered when a recipient of an email from Trygg-Hansa realized that by changing a web link, they could access other customers' documents without authentication. Due to these security breaches, it was possible to access sensitive data of about 650,000 customers, including health, financial and contact information, over a span of more than two years, from October 2018 to February 2021.

The DPA found that Trygg-Hansa had failed to implement adequate technical and organizational measures to protect personal data, which allowed such an incident to occur.

Open original source Links to the regulator's original publication or another source.

Related fines