Swedish DPA Fines Insurer

The Swedish data protection authority fined insurer Trygg-Hansa $3 million for a data breach that exposed the sensitive information of approximately 650,000 customers through the company’s online portal. The data protection authority’s investigation revealed the exposure had gone on for over two years, from October 2018 to February 2021.

The breach came to light after a customer of Moderna Försäkringar, now part of Trygg-Hansa, stumbled on a vulnerability that allowed access to the insurer’s back-end. The flaw was accessible through unique web addresses provided on quotation pages sent to clients via SMS or email. The exposed data included personal details, health information, financial records, contact information, Social Security numbers and insurance specifics.