Data Breach at Collectia and Xplora

Collectia blames the customer – Tobiassen hits back

In a statement to Nettsak.no, Collectia maintains that the error was caused by Tobiassen himself providing the wrong email address. The company claims it has followed its procedures and shifts the responsibility onto the customer.

Tobiassen strongly rejects Collectia's explanation. "I have never given the wrong email address. This is an embarrassing attempt to evade responsibility," says an upset Tobiassen. He can document that he provided the correct information and considers Collectia's handling of the case to be nothing short of a scandal.

Debt collection letter to former employer: An affront to privacy

Collectia also tries to justify sending information to Tobiassen's former employer, citing that he was previously employed at ZecureCode. "This is an arrogant practice and shows a total lack of respect for basic privacy," rages Tobiassen.

Exposed children's personal data: A particularly serious incident

The data breach has affected an Xplora customer with a children's smartwatch and subscription. The leaked information could potentially be misused for identity theft, fraud and other criminal acts. It is especially serious that children's personal data has gone astray, which makes the breach even more grave.

Gross breach of the GDPR: A lack of oversight in the industry

The data breach represents a gross violation of the EU General Data Protection Regulation (GDPR), which sets strict requirements for the protection of personal data, especially when it comes to children. The incident also reveals a serious lack of oversight in the industry, where companies appear to have very weak compliance with privacy rules.

Nettsak.no demands action and accountability

Nettsak.no demands that Collectia and Xplora immediately take responsibility for the leak, inform all affected customers and implement measures to prevent similar incidents. We also question the industry's practices in general and the need for stricter supervision.

Interview with Tobias Tobiassen: "This may be the tip of the iceberg"

In an exclusive interview with Nettsak.no, Tobias Tobiassen expresses his deepest frustration and anger:

"I am shocked and furious that my and my child's personal data have ended up in the hands of unauthorised people. This is a gross breach of trust, and I demand that Collectia and Xplora take their responsibility. I have documentation showing that I provided correct information, and Collectia's excuses are nothing but a diversion from the heart of the matter."

Tobiassen further explains that he worked at ZecureCode AS until 2022 and at that time had the email address [email protected]. After he left, he has used [email protected] as his email address. He says there is nothing that should have led Collectia to use the email address [email protected]. Tobiassen believes they merged his two email addresses, and that this is the reason the information was leaked to the wrong email address.

"This may be the tip of the iceberg. If they have made this mistake with me, how many others have they done it with? It is a system failure, and it shows that the companies do not take privacy seriously. I feel completely powerless."

What can you do if you are affected?

If you are an Xplora customer and suspect that your personal data has been leaked, you should:

• Immediately contact Xplora and Collectia for information about your case.
• Change passwords and other sensitive information.
• Be extra vigilant about suspicious emails and fraud attempts.
• Contact the Norwegian Data Protection Authority to report the breach.

Nettsak.no follows the case closely and demands answers

Nettsak.no will continue to cover this serious case and demand answers from Collectia, Xplora and the relevant authorities. We will keep our readers updated on developments.

It is important to note that both Xplora and Collectia were notified of this case ahead of publication. Both companies have responded to the inquiry and claim that they do not consider the incident to be a legal violation. Xplora has even demanded that the article be unpublished. This attitude, particularly Xplora's suggestion that Nettsak.no contact the Norwegian Data Protection Authority, raises serious questions about the company's understanding of and respect for the GDPR.

Questions ignored

Neither Xplora nor Collectia has answered the specific questions posed in the email from Nettsak.no:

• How could this privacy breach happen?
• What measures have you implemented to prevent similar incidents in the future?
• Have you notified the Norwegian Data Protection Authority and the affected parties about the incident?
• What procedures do you have to ensure that personal data is not shared inadvertently?
• Have you considered compensating the affected parties for any consequences of the leak?

Both Xplora and Collectia have been informed about the publication of this article and have been given the opportunity to respond.

Sources and transparency

The source basis for this case is an email sent to a public service operated by Open Info on behalf of ZecureCode AS. Open Info runs the online newspaper Nettsak.no. Other sources are Tobias Tobiassen, and InfoDesk AS's AI service was used to analyse the case against Norwegian legislation. InfoDesk AS's AI service was further used to assist with the generation of article content, controlled by the author.

Keywords: Collectia, Xplora, data breach, privacy, GDPR, children's smartwatch, debt collection, Nettsak.no, system failure, Tobias Tobiassen.