Sweden
Sportadmin i Skandinavien AB
565,000 €
GDPR enforcement action by Data Protection Authority of Sweden (Integritetsskyddsmyndigheten) on 2026-01-26.
Rank · Sector
#42
of 597 in Industry and Commerce
Rank · Sweden
#15
of 46
Rank · All fines
#228
of 3,050
Case details
- Authority
- Data Protection Authority of Sweden (Integritetsskyddsmyndigheten)
- Date
- 2026-01-26
- Controller / Processor
- Sportadmin i Skandinavien AB
- Sector
- Industry and Commerce
- Quoted Articles
- Art. 32 (1) GDPR
- Type of violation
- Insufficient technical and organisational measures to ensure information security
Summary
The Swedish DPA has imposed a fine of EUR 565,500 on Sportadmin i Skandinavien AB. The controller suffered a sucessfull cyber attack, resulting in personal and special category data of 2,126,075 individuals, including minors, beeing published in the darknet. The attack happend due to an succesfull SQL injection on one of the controllers websites, which had not been protected against this kind of attack, granting the attacker access to the controllers server, allowing him to exfiltrate said data.
Open original source
Links to the regulator's original publication or another source.
Related fines
Sweden
2020-03-11
5,000,000 €
ETid-232
Google LLC
Media, Telecoms and Broadcasting
Sweden
2023-06-12
4,900,000 €
ETid-1876
Spotify
Media, Telecoms and Broadcasting
Sweden
2024-08-29
3,200,000 €
ETid-2449
Apoteket AB.
Health Care
Sweden
2023-08-28
3,000,000 €
ETid-2021
Trygg-Hansa
Finance, Insurance and Consulting
Sweden
2020-12-03
2,900,000 €
ETid-473
Capio St. Göran AB
Health Care
Sweden
2021-06-21
1,600,000 €
ETid-733
Storstockholms Lokaltrafik
Transportation and Energy