One of Sweden’s largest private insurers, Folksam Group, says a data breach affected one million of its clients. Folksam said it had accidentally allowed big tech companies to access customers’ private data, Bloomberg reported.
Folksam shared client data with Facebook, Google, Microsoft, LinkedIn and Adobe, the Swedish company said in a statement on Tuesday (Nov. 3). The firm said it discovered the breach after an internal audit and that it has reported the breach to Swedish regulators.
There’s no indication that “the information has been used by third parties in any improper manner,” noted Folksam, which has asked the companies to delete the information from their systems.
Among other things, Folksam provides personal loans and homeowners insurance along with commercial insurance for cars, boats, trade unions and other organizations. It oversees about $50 billion in insurance assets and is a major investor in a number of Sweden’s biggest companies.
“We understand that this can cause concern among our customers, and we take what has happened seriously,” Folksam said in the news report. “We have immediately stopped sharing this personal information and requested that it be deleted.”
Folksam said the breach happened as it was trying to “analyze and give our customers customized offers.”
“But unfortunately, we have not done it in the right way,” said Jens Wikstrom, Folksam’s head of marketing and sales.
Some of the data that was shared “can be considered sensitive,” such as information revealing union membership and pregnancy insurance, the company said.
Cybersecurity is taking on increasing importance — whether it involves foreign countries seeking to undermine U.S. elections or fraudsters looking to take advantage of the pandemic’s eCommerce trends.
Securities and Exchange Commission (SEC) Chairman Jay Clayton said that corporate America needs to do more to address the issue. “Cyber risks have not gone away with the unfortunate, unforeseen risks we’ve faced with COVID and other uncertainties in our economy,” he said. In October, the SEC put out 30 cyber-alerts across various industries, along with warnings to customers.