Telenor erroneously collects personal data of more than 100,000 people in Sweden
Norwegian telecoms company Telenor has been reported to Sweden's Data Protection Authority (Datainspektionen) after it erroneously collected the personal data of at least 120,000 customers without permission.
Telenor subcontractor Identitrade AB had access to the information held by Skatteverket when customers logged into their Skatteverket account via Telenor's site using an "e-legitimation" digital ID.
Info the company had access to included where users live and how much they earn. Skatteverket's head of security told newspaper Dagens Nyheter (DN) that using the process to access personal data is not permitted.
"It's an unchecked secondary login. You as a citizen give a private actor access to information about you," Pär Rylander from Skatteverket explained to DN.
READ ALSO: Swedish government in IT security slip-up
Skatteverket blocked the secondary log-in process once they found out about the error, and estimate around 140,000 people were affected – more than Telenor's 120,000 estimation.
"The investigation is ongoing but that could be a sign that more companies than Telenor used the service," Rylander explained.
Telenor say that they use the secondary log-in system to verify customers in their online payment system, but erroneously took in more information than necessary.
Telenor has also reported the mistake to the Data Protection Authority, and insist that the personal data has not been spread to any other parties.
Comments
See Also
Telenor subcontractor Identitrade AB had access to the information held by Skatteverket when customers logged into their Skatteverket account via Telenor's site using an "e-legitimation" digital ID.
Info the company had access to included where users live and how much they earn. Skatteverket's head of security told newspaper Dagens Nyheter (DN) that using the process to access personal data is not permitted.
"It's an unchecked secondary login. You as a citizen give a private actor access to information about you," Pär Rylander from Skatteverket explained to DN.
READ ALSO: Swedish government in IT security slip-up
Skatteverket blocked the secondary log-in process once they found out about the error, and estimate around 140,000 people were affected – more than Telenor's 120,000 estimation.
"The investigation is ongoing but that could be a sign that more companies than Telenor used the service," Rylander explained.
Telenor say that they use the secondary log-in system to verify customers in their online payment system, but erroneously took in more information than necessary.
Telenor has also reported the mistake to the Data Protection Authority, and insist that the personal data has not been spread to any other parties.
Join the conversation in our comments section below. Share your own views and experience and if you have a question or suggestion for our journalists then email us at [email protected].
Please keep comments civil, constructive and on topic – and make sure to read our terms of use before getting involved.
Please log in here to leave a comment.