Sportadmin i Skandinavien AB – €565,000 Fine (Sweden, 2026)

€565,000Integritetsskyddsmyndigheten26 January 2026Sweden
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Sportadmin i Skandinavien AB faced a fine after a cyber attack exposed personal data of over 2 million people, including minors. The attack happened because their website was not properly secured against SQL injection, allowing hackers to access sensitive information. This incident highlights the importance of strong cybersecurity measures for businesses handling personal data.

What happened

A cyber attack on Sportadmin i Skandinavien AB exposed personal and special category data of 2,126,075 individuals due to inadequate website security.

Who was affected

Individuals whose personal and special category data was published on the darknet, including minors.

What the authority found

The Swedish DPA imposed a fine because the company failed to protect personal data adequately, violating Article 32(1) of GDPR regarding security measures.

Why this matters

This case emphasizes the need for businesses to implement robust cybersecurity practices to protect personal data. Companies should regularly assess their security measures to prevent similar breaches.

GDPR Articles Cited

AI-verified

Art. 32(1) GDPR
View original scraped data
Art. 32(1) GDPR

Original data from scraper before AI verification against source document.

Source verified 6 March 2026
amount discrepancy
Sweden enforcementIntegritetsskyddsmyndigheten actionsAll Sportadmin i Skandinavien AB actions
Full Legal Summary
Detailed

The Swedish DPA has imposed a fine of EUR 565,500 on Sportadmin i Skandinavien AB. The controller suffered a sucessfull cyber attack, resulting in personal and special category data of 2,126,075 individuals, including minors, beeing published in the darknet. The attack happend due to an succesfull SQL injection on one of the controllers websites, which had not been protected against this kind of attack, granting the attacker access to the controllers server, allowing him to exfiltrate said data.

Related Enforcement Actions (1)

Other enforcement actions involving Sportadmin i Skandinavien AB in SE

Fine
Jan 2026· Integritetsskyddsmyndigheten

Sportadmin i Skandinavien AB (the processor) operated a digital administration platform on behalf of sports clubs and associations (the controllers). ...

€528K
Current
Jan 2026

Fine

€565K

Details

Fine Date

26 January 2026

Authority

Integritetsskyddsmyndigheten

Fine Amount

€565,000

Enforcement Tracker ID

ETid-3027

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Sportadmin i Skandinavien AB - Sweden (2026). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: