Security News > 2023 > September > Insurer fined $3M for exposing data of 650k clients for two years
The Swedish Authority for Privacy Protection has fined insurer Trygg-Hansa $3 million for exposing on its online portal sensitive data belonging to hundreds of thousands of customers.
To make matters worse, IMY determined that the data was exposed through Trygg-Hansa's portal to unauthorized parties for more than two years, between October 2018 and February 2021.
"The deficiencies have been of such fundamental nature that Trygg-Hansa should have been able to detect and remedy these before the current IT system was introduced and in any case, during the long period the system was used." - IMY. The insurer's failure to remedy the issues all this time, even after it received reports about the flaw, according to IMY, indicates a severe shortfall in data security and risk mitigation measures for which the regulator decided to impose an administrative penalty of $3M. The full IMY decision on the Trygg-Hansa case is available here.
Golf gear giant Callaway data breach exposes info of 1.1 million.
Forever 21 data breach: hackers accessed info of 500,000.
Paramount discloses data breach following security incident.