Data breach at Collectia and Xplora

System failure uncovered: Serious data breach at Collectia and Xplora - Customer feels powerless

Leak reveals reprehensible practices: The debt collection company blames the wrong email, while the customer rages against lack of privacy.

Nettsak.no has uncovered a serious data breach involving debt collection giant Collectia and children's watch supplier Xplora. Sensitive personal data, including children's phone numbers, has ended up in the wrong hands. Collectia blames an incorrect email address provided by customer Tobias Tobiassen, but he fights back strongly, accusing the company of gross neglect of privacy.

Wrong addressee: Email gone astray

The email was sent to an address that does not belong to Tobiassen. Zecurecode.com is a domain that offers, among other things, public reading of emails sent to addresses that do not exist, much as mailinator.com does.

The email, which contained details of a debt collection case and information about an Xplora children's watch, was sent to the address tobiasop1@zecurecode.com, an address that has never belonged to Tobiassen. Zecurecode.com is a domain administered by InfoDesk AS and operated by Open Info. Due to a catch-all feature, which captures all emails sent to non-existent addresses, the sensitive information ended up in a common pool available to a large number of technicians, freelancers and developers.

Collectia blames the customer - Tobiassen strikes back

In a statement to Nettsak.no, Collectia maintains that the error is due to Tobiassen himself providing the wrong e-mail address. The company claims they have followed their routines and pushes the responsibility onto the customer.

Tobiassen strongly rejects Collectia's explanation. "I have never given the wrong e-mail address. This is an embarrassing attempt to disclaim responsibility," says an upset Tobiassen. He can document that he has provided correct information and believes that Collectia's handling of the case is nothing less than a scandal.

Collection letter to former employer: A mockery of privacy

Collectia also tries to justify sending information to Tobiassen's former employer, citing the fact that he was previously employed by ZecureCode. "This is an arrogant practice and shows a total lack of respect for basic privacy," Tobiassen rages.

Exposed children's personal data: A particularly serious incident

The data breach has affected an Xplora customer with a children's watch and subscription. The leaked information could potentially be misused for identity theft, fraud and other criminal acts. That children's personal data has gone astray makes the breach particularly serious.

Gross violation of GDPR: Lack of control in the industry

The data breach represents a gross violation of the EU's General Data Protection Regulation (GDPR), which sets strict requirements for the protection of personal data, especially when it comes to children. The incident also reveals a serious lack of control in the industry, where companies appear to have very weak compliance with the data protection rules.

Nettsak.no demands action and responsibility

Nettsak.no demands that Collectia and Xplora immediately take responsibility for the leak, inform all affected customers and take measures to prevent similar incidents. We also question the industry's practices in general and the need for stricter supervision.

Interview with Tobias Tobiassen: "This could be the tip of the iceberg"

In an exclusive interview with Nettsak.no, Tobias Tobiassen expresses his deepest frustration and anger:

"I am shocked and outraged that my and my child's personal data has ended up in the hands of unauthorized persons. This is a gross breach of trust, and I demand that Collectia and Xplora take responsibility. I have documentation showing that I have provided correct information, and Collectia's excuses are a pure diversion from the core of the matter."

Tobiassen further explains that he worked at ZecureCode AS until 2022 and then had the e-mail address tobias@zecurecode.com. Since leaving, he has had tobias@op1.no as his e-mail address. He says that nothing indicates that Collectia should have used the email address tobiasop1@zecurecode.com. Tobiassen himself believes that they have merged his two email addresses, and that this is why information has been leaked to the wrong email address.

"This could be the tip of the iceberg. If they've made this mistake with me, how many others have they done it to? It's a systemic failure and it shows that companies don't take privacy seriously. I feel completely powerless."

What can you do if you are affected?

If you are an Xplora customer and suspect that your personal data has been leaked, you should:

  • Contact Xplora and Collectia immediately for information about your case.
  • Change passwords and other sensitive information.
  • Pay extra attention to suspicious emails and scam attempts.
  • Contact the Norwegian Data Protection Authority to report the breach.

Nettsak.no is following the case closely and demands answers

Nettsak.no will continue to cover this serious matter and demand answers from Collectia, Xplora and relevant authorities. We will keep our readers updated on developments.

It is important to note that both Xplora and Collectia were notified of this matter prior to publication. Both companies have responded to the inquiry and claim that they do not consider the incident to be a breach of law. Xplora has even demanded that the article be unpublished. This attitude, especially Xplora's request to Nettsak.no to contact the Norwegian Data Protection Authority, raises serious questions about the company's understanding of and respect for GDPR.

Questions ignored

Neither Xplora nor Collectia has answered the specific questions posed in the email from Nettsak.no:

  • How did this data breach happen?
  • What measures have you taken to prevent similar incidents in the future?
  • Have you notified the Norwegian Data Protection Authority and the affected parties about the incident?
  • What procedures do you have in place to ensure that personal data is not inadvertently shared?
  • Have you considered compensating the affected parties for any consequences of the leak?

Both Xplora and Collectia have been informed of the publication of this article and have been given the opportunity to respond.

Source base and transparency

The source basis for this case is an e-mail sent to a public service operated by Open Info on behalf of ZecureCode AS. Open Info operates the online newspaper Nettsak.no. Tobias Tobiassen is also a source. InfoDesk AS's AI service has been used to analyze the case against Norwegian legislation and to assist with the generation of article content, controlled by the author.
