Klarna battles serious data breach, with reports of leaked user info | Sifted

The Buy Now Pay Later giant is battling a tech error, which compromised some user information
BY ISABEL WOODFORD 27 MAY 2021

Consumers have raised the alarm after user information was mistakenly leaked at Klarna, Europe’s largest private fintech.

The company, which is reportedly in the throes of closing a deal valuing it at $40bn, came under fire on Thursday after users complained they were being accidentally logged in as other people, giving them access to strangers’ personal information.

That included randomised postal addresses and past purchases. Partial card details were also exposed, according to one tweet.


Klarna responded by temporarily locking down its app services, and said a technical error was to blame.

The company, which is headquartered in Sweden, now boasts over 90m users worldwide, and saw app downloads grow at pace last year both in Europe and the US.

The reports of data leaks were a blow to the fintech darling which has scooped up increasing amounts of investor cash and is being wooed by regulators across the continent for a potential initial public offering.

Still, the fintech isn’t the first fast-growing European startup to face data troubles. An IT collective in Germany raised alarm bells earlier this month about delivery startup Gorillas, which is reportedly chasing a $6bn valuation. The group found weaknesses in its data security and were able to access sensitive customer information.

Not a hack
Klarna issued a statement Thursday that stressed the incident was not an external attack.

It also initially stated that up to 90,000 app users had been affected but later reduced that number to a maximum of 9500.

The statement, penned by CEO Sebastian Siemiatkowski, stated there had been a “self-inflicted incident, that for 31 min affected not more than 9,500 of [its] app users.”

He added “that a human error caused the bug and it was not an external breach of [the company’s] systems.”

“It is important to note that the access to data has been entirely random and not showing any data containing card or bank details (obfuscated data). Even though GDPR would classify the information visible as ‘non-sensitive’, for Klarna all data is important. We are taking this incident very seriously and we will work tirelessly to regain the affected consumers’ trust,” the statement said.

A spokeswoman for the company also clarified that the data “was not actionable upon”, from a regulatory perspective.

It’s unknown if the breach affected just the UK.