Loan Service Fined €950K for Major Data Breach

March 20, 2024

by Olena Nechyporuk and Helga Oronsaye


Sambla Group, a loan comparison provider, has been hit with a €950,000 fine after a major data security failure left customers’ personal information exposed. The Finnish Data Protection Authority found that sensitive data, including contact details, income, and housing costs, was accessible via personal URLs, making it easy for unauthorised third parties to access private information.

The data breach, which was uncovered in early 2024, forced regulators to order an immediate halt to the use of the vulnerable URLs. Sambla Group has since removed the vulnerable links, introduced stronger authentication, and pledged to tighten security. However, the damage was already done.

This case highlights the risks of weak cybersecurity in online services. Cybercriminals are constantly searching for vulnerabilities in systems. One of the first such cases reported under the GDPR was that of CNIL (the French Data Protection Authority) issuing a fine to Sergic for failing to adequately restrict access to key documents with vital personal information, due to inadequate security controls.

Securing sensitive data is a matter of vital importance. Such data breaches do not just invite fines; they undermine consumer trust and expose businesses to serious reputational harm. In today’s digital world, security is not an option; it is a must.
