Swedish insurance firm Folksam Group accidentally leaked data of one million customers, giving out sensitive information to Big Tech firms such as Google, Microsoft, Facebook and Adobe. The insurance company confirmed there are no reports about data mishandling by third parties so far.
Folksam Group, one of Sweden’s leading insurance providers, accidentally shared data records of nearly one million customers with tech companies. The accidental data breach allowed Big Tech companies such as Google, Adobe, Microsoft, Facebook, and LinkedIn to gain access to customer records, due to a security error.
Data included information of sensitive nature such as the purchase of pregnancy insurance, trade union insurance and personal identity numbers. The company said there is no indication of any misuse by third parties yet.
The Swedish insurer discovered the breach after the company carried out an internal audit, following which it immediately revoked access to the data and informed Swedish Data Protection Authority, BloombergOpens a new window reported. Jens WikströmOpens a new window , Head of Marketing and Sales at Folksam Group, saidOpens a new window , “We understand that this can cause concern among our customers and we take what has happened seriously. We have immediately stopped sharing this personal information and requested that it be deleted.â€
See Also: Law Firm Data Breach Exposes Google Employees’ Personal Information
The private insurer said the breach occurred when the company tried to provide customized offers to customers. The firm has requested the companies it accidentally shared the data with to be deleted. So long as Google, Microsoft, Facebook and others abide by their ethical standards, the data should be safe (or preferably deleted).
Organizations need to ensure greater safety around customer data. Otherwise, they will, in all likelihood, go down the same path as British Airways, which was fined $25.9 million for lax data security practices. Industry leaders also need to understand the wider implications of data privacy mishandling and data protection in the post-COVID world.
So what can organizations do to prevent accidental data leaks? Gracielle CabungcalOpens a new window , Director of Legal Affairs at Digital Remedy said, “For many companies, it means simply reviewing your existing practices to stay ahead of the curve. However, for those who are still building their privacy procedures, there are a few things to consider while creating and optimizing processes that can be implemented long term.â€
She outlines four key points to improve data privacy practices. They are:
- Analysis: Make sure third-party providers and partners are responsible and honest about their approach to sensitive company data. Look for partners that are clearly telling you what your rights are. On an organizational level, make sure you meet those same expectations of your clientele and address those concerns accordingly.Â
- Data Map: Organize all of the outlets from which you are taking in and giving out information across different categories, industries, and media types. Make sure your data privacy policy is readable and discusses what your consumers’ rights are.Â
- Â Company Culture: Think about how to internalize the approach to data privacy and work towards making it a priority for the whole organization, not just the legal team. Create or strengthen internal policies, and consider employees’ privacy while building data privacy practices.
- Vendor Vetting: Ensure vendors and partners do the same and are on the same page to protect consumer privacy.
Let us know if you liked this news on LinkedInOpens a new window , TwitterOpens a new window , or FacebookOpens a new window . We would love to hear from you!