Norwegian telecom company Telenor has been reported to Sweden's Data Protection Authority after it erroneously collected the personal data of between 120,000 and 140,000 Swedish customers without permission, the Swedish daily Dagens Nyheter reported.
Telenor's Swedish subcontractor Identitrade AB turned out to have access to information held by the Swedish Tax Agency when customers logged to their Tax Agency account via Telenor's site using digital ID. The information the company gained access to included where users live and how much they earn.
According to Swedish Tax Agency head of security Pär Rylander, the process used in accessing personal data was not permitted.
"It's not allowed to do this stuff and you're not really expected to do it. It's an unchecked secondary login. As a citizen, you give a private actor access to information about you," Pär Rylander explained.
READ MORE: Money, Money, Money: Sweden to Become World's First Cashless Society by 2023
Having discovered the slip-up, the Swedish Tax Agency immediately blocked the secondary log-in process. By then, however, around 140,000 people in the Scandinavian nation of 10 million were already affected. Telenor's own estimate put the number of victims somewhat lower, at 120,000.
Rylander said an investigation was ongoing, stressing that the incident could be a sign that companies other than Telenor have used this service.
Identitrade CEO Philip Hallenborg admitted using the data from the Tax Agency.
"We have a service that utilizes the Swedish Tax Agency's website in a way they do not like," he said.
Telenor communications manager Aron Samuelsson confirmed the incident, admitting that his company had used the secondary log-in system to verify customers in their online payment system, but erroneously took in more information than necessary. At the same time, he insisted that the personal data hasn't been spread to other parties.
Telenor ASA is a Norwegian multinational telecommunications company headquartered in Fornebu, Bærum, close to Oslo. With about 35,000 employees, it is one of the world's largest telecom companies with worldwide operations focusing on Scandinavia, Eastern Europe and Asia. It is the third-largest company listed on the Oslo stock exchange after DNB and Equinor (formerly known as Statoil).
READ MORE: Norwegians Baffled as Oil Giant Drops 'Oil' in Push for Environment, Diversity
Telenor started off in 1855 as a state-operated monopoly provider of telegraph services and the Norwegian state remains the majority shareholder.
