Trygg-Hansa – €3,000,000 Fine (Sweden, 2023)

€3,000,000 | Integritetsskyddsmyndigheten | 28 August 2023 | Sweden
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Trygg-Hansa faced a EUR 3 million fine for serious data security issues that exposed sensitive information of about 650,000 customers. The company allowed a security flaw that let people access others' documents without permission. This incident highlights the importance of strong data protection measures for businesses handling personal information.

What happened

Trygg-Hansa had a security breach that allowed unauthorized access to sensitive documents of customers.

Who was affected

Approximately 650,000 customers were affected; their health, financial, and contact information was exposed.

What the authority found

The Swedish DPA found that Trygg-Hansa failed to implement adequate security measures to protect personal data.

Why this matters

This case emphasizes that companies must prioritize data security to prevent breaches. It serves as a warning that inadequate protection can lead to significant financial penalties.

GDPR Articles Cited

Art. 5(1)(f) GDPR
Art. 32(1) GDPR

Source verified 5 March 2026
amount discrepancy
Full Legal Summary

The Swedish DPA has fined Trygg-Hansa EUR 3 million for serious data security breaches. The security breach was discovered when a recipient of an email from Trygg-Hansa realized that by changing a web link, they could access other customers' documents without authentication. Due to these security breaches, it was possible to access sensitive data of about 650,000 customers, including health, financial and contact information, over a span of more than two years, from October 2018 to February 2021. The DPA found that Trygg-Hansa had failed to implement adequate technical and organizational measures to protect personal data, which allowed such an incident to occur.

Related Enforcement Actions (0)

No other enforcement actions found for Trygg-Hansa in SE

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

28 August 2023

Authority

Integritetsskyddsmyndigheten

Fine Amount

€3,000,000

Enforcement Tracker ID

ETid-2021

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Trygg-Hansa - Sweden (2023). Retrieved from cookiefines.eu
