Klarna Customer Reacts to Privacy Breach that Exposed her Personal Information

On May 27, 2021, Klarna, a mobile banking service in Sweden, experienced a data breach caused by a faulty configuration change in their app. During the thirty-one minutes between the change and the disabling of the app, Klarna users were able to view personal information of other Klarna account holders. Some of the affected users took to Twitter to share their privacy breach experiences. Esra Efe Laborde, a Klarna user, shared on Twitter what happened to her Klarna account when she attempted to log in:

[Screenshots of Esra Efe Laborde's tweets]

 

Social media enables us to witness the impact of a privacy breach, as experienced by the affected user in real time. As demonstrated in the tweets above, Esra Efe Laborde expressed a significant level of concern once she discovered her account was affected by Klarna’s “faulty configuration change.” Her level of concern is expected as the consequences of privacy breaches can have a devastating impact on affected parties. 

 

Shortly after the privacy breach, Klarna issued an official response, which stated, “We take the protection of our user information very seriously and regret that this incident ever occurred and that we failed to live up to our high standards for privacy”. On June 4, 2021, Klarna shared a May 27 Incident Report on the company’s blog that included an “overview of the incident” and a lengthy “Q&A” section. Klarna addresses the possibility of a General Data Protection Regulation (GDPR) violation in the Q&A section, in which they state the company has “assessed the incident and reported it in accordance with applicable laws including the GDPR”.  

 

The privacy breach at Klarna is another stark reminder that privacy management is challenging and mistakes are bound to occur. Privacy professionals must possess an in-depth understanding of privacy regulations such as the GDPR, a strong understanding of what should be included in a privacy program to mitigate the effects of a privacy breach, and a strong understanding of the role of a Data Protection Officer (DPO), especially in the event of a privacy breach. These skills will enable privacy professionals to decrease risk and to properly handle a breach if it occurs. Passing GDPR-related privacy certification exams is one way privacy professionals can demonstrate their privacy competence and in-depth understanding of privacy regulations.

 

If you are interested in learning more about how to master the GDPR, DPO and the CIPP/E exams, please visit our online course, Crush the GDPR, DPO and CIPP/E Exams at Udemy. If you would like to learn more about all things privacy, visit our site: www.privacilearning.com.

 

 

 

 



