Swedish insurance firm Folksam recently compromised the data of one million Swedish nationals, said Bleeping Computer. The leak is a result of the insurer sharing its clients’ information with big tech companies like Google, Microsoft, and Facebook.
According to the firm’s Head of Marketing and Sales Jens Wikstrom, this security weakness was identified after an internal audit, which was conducted to evaluate the type of information entered by visitors on the Folksam website.
Folksam is one of the biggest insurers in the country. It is also one of the biggest investors in many major Swedish firms, as well as one of the biggest asset managers, handling more than $50 billion in insurance assets.
Wikstrom said, “This should not happen and we are now working hard so that it never happens again. We map which personal data we share with our partners and how we share them. We work in parallel to ensure that we have routines and updated agreements in place.”
The leak involves sensitive information, including social security numbers and the types of insurance taken out by clients.
According to Bloomberg, the company admitted that this information “can be considered sensitive” as it includes details on union membership and pregnancy insurance.
Aside from Google, Microsoft, and Facebook, other tech companies that had access to the shared info include LinkedIn and Adobe.
The shared info is supposedly used by the companies to provide targeted offers via various platforms. The insurer analyzed the info provided by customers to provide custom offers but it “[did] it in the right way.”
Bleeping Computer remarked that Folksam decided to cease info sharing with the tech companies. It also asked its digital partners to delete all shared information they possess.
In a statement, the firm said, “We understand that this can cause concern among our customers and we take what happened seriously.”
To quell customer concerns regarding the illegal use of their data, the insurance firm noted that “there is no evidence at the moment that the shared sensitive data has been used by any third parties improperly.”
Reuters reported that the info security watchdog in Sweden has already been notified about the incident. The reports did not mention action from the Data Inspectorate.
In Europe, regulators have been fining companies for leaks over the past years because of the strict privacy rules in the region, especially in light of the General Data Protection Regulation (GDPR).