Swedish insurance company Trygg-Hansa has been fined $3 million for exposing the personal data of 650,000 customers on its online portal.
The data breach, which occurred between October 2018 and February 2021, exposed sensitive information including names, addresses, phone numbers, financial details, health information, and social security numbers.
The Swedish Authority for Privacy Protection (IMY) said that Trygg-Hansa had failed to take appropriate security measures to protect the data.
“The deficiencies have been of such fundamental nature that Trygg-Hansa should have been able to detect and remedy these before the current IT system was introduced and in any case, during the long period the system was used.” – IMY
The fine is the largest ever imposed by the IMY for a data breach.
