Telenor Sweden came under the spotlight after it was revealed the company had wrongly collected data from up to 140,000 customers.
The Swedish tax authority – Skatteverket – said Telenor customers were able to log in to its services using “e-credentials”. It said a Telenor subcontractor, Identitrade, gained access to additional information and warned customers should only log in to its site using officially-issued credentials.
It also said Telenor and Identitrade had their access to the systems withdrawn; that there is no evidence data received had been spread; and that the Swedish Data Inspectorate had been notified.
Telenor, however, issued a statement clarifying its position, stating Skatteverket had issued information which could be misleading. It said 120,000 customers were impacted, slightly lower than the authority’s figures.
It explained an incorrect setting meant additional data was received, including name, address and spousal information. This was deleted “immediately after the error was detected” and was not disclosed outside of Telenor or its supplier, which it referred to as Identiway, rather than Identitrade.
Telenor also said it did not have access to information such as customer income or tax payments.
With the increasing focus on customer privacy, in the wake of the Facebook privacy scandal and the introduction of GDPR in Europe, the timing is less than ideal for Telenor. And with governments looking for wider adoption of e-government services, trust will be an important issue.