{"id":1493,"date":"2025-03-04T20:15:30","date_gmt":"2025-03-04T19:15:30","guid":{"rendered":"https:\/\/nettsak.no\/?p=1493"},"modified":"2025-03-08T01:24:42","modified_gmt":"2025-03-08T00:24:42","slug":"data-breach-at-collectia-and-xplora","status":"publish","type":"post","link":"https:\/\/nettsak.no\/en\/data-breach-at-collectia-and-xplora\/","title":{"rendered":"Data breach at Collectia and Xplora"},"content":{"rendered":"

System failure uncovered: Serious data breach at Collectia and Xplora - Customer feels powerless<\/h2>\n\n\n\n

Leak reveals reprehensible practices: The debt collection company blames the wrong email, while the customer rages against lack of privacy.<\/strong><\/h3>\n\n\n\n

Nettsak.no has uncovered a serious data breach involving debt collection giant Collectia and children's watch supplier Xplora. Sensitive personal data, including children's phone numbers, has ended up in the wrong hands. Collectia blames an incorrect email address provided by customer Tobias Tobiassen, but he fights back strongly, accusing the company of gross neglect of privacy.<\/p>\n\n\n\n

Wrong addressee: Email gone astray<\/strong><\/h2>\n\n\n\n
\"\"
Email sent to an email address that does not belong to Tobiassen. Zecurecode.com is a domain that offers, among other things, public reading of emails that are not sent to an existing email address, such as mailinator.com<\/a>.<\/figcaption><\/figure>\n\n\n\n

The email, which contained details of a debt collection case and information about an Xplora children's watch, was sent to the address tobiasop1@zecurecode.com, an address that has never belonged to Tobiassen. Zecurecode.com is a domain administered by InfoDesk AS and operated by Open Info. Due to a catch-all feature, which captures all emails sent to non-existent addresses, the sensitive information ended up in a common pool available to a large number of technicians, freelancers and developers.<\/p>\n\n\n\n

Collectia blames the customer - Tobiassen strikes back<\/strong><\/h2>\n\n\n\n

In a statement to Nettsak.no, Collectia maintains that the error is due to Tobiassen himself providing the wrong e-mail address. The company claims they have followed their routines and pushes the responsibility onto the customer.<\/p>\n\n\n\n

Tobiassen strongly rejects Collectia's explanation. \"I have never given the wrong e-mail address. This is an embarrassing attempt to disclaim responsibility,\" says an upset Tobiassen. He can document that he has provided correct information and believes that Collectia's handling of the case is nothing less than a scandal.<\/p>\n\n\n\n

Collection letter to former employer: A mockery of privacy<\/strong><\/h3>\n\n\n\n

Collectia also tries to justify sending information to Tobiassen's former employer, citing the fact that he was previously employed by ZecureCode. \"This is an arrogant practice and shows a total lack of respect for basic privacy,\" Tobiassen rages.<\/p>\n\n\n\n

Exposed children's personal data: A particularly serious incident<\/strong><\/h3>\n\n\n\n

The data breach has affected an Xplora customer with a children's watch and subscription. The leaked information could potentially be misused for identity theft, fraud and other criminal acts. It is particularly serious that children's personal data has gone astray, which makes the breach even more serious.<\/p>\n\n\n\n

Gross violation of GDPR: Lack of control in the industry<\/strong><\/h3>\n\n\n\n

The data breach represents a gross violation of the EU's General Data Protection Regulation (GDPR), which sets strict requirements for the protection of personal data, especially when it comes to children. The incident also reveals a serious lack of control in the industry, where companies appear to have very weak compliance with the data protection rules.<\/p>\n\n\n\n

Nettsak.no demands action and responsibility<\/strong><\/h2>\n\n\n\n

Nettsak.no demands that Collectia and Xplora immediately take responsibility for the leak, inform all affected customers and take measures to prevent similar incidents. We also question the industry's practices in general and the need for stricter supervision.<\/p>\n\n\n\n

Interview with Tobias Tobiassen: \"This could be the tip of the iceberg\"<\/strong><\/h2>\n\n\n\n

In an exclusive interview with Nettsak.no, Tobias Tobiassen expresses his deepest frustration and anger:<\/p>\n\n\n\n

\n
\n
\"\"<\/figure>\n<\/div>\n\n\n\n
\n

\"I am shocked and outraged that my and my child's personal data has ended up in the hands of unauthorized persons. This is a gross breach of trust, and I demand that Collectia and Xplora take responsibility. I have documentation showing that I have provided correct information, and Collectia's excuses are a pure diversion from the core of the matter.\"<\/p>\n\n\n\n

Tobiassen further explains that he worked at ZecureCode AS until 2022 and then had the e-mail address tobias@zecurecode.com. After he left, he has had tobias@op1.no as his e-mail address. He says that there is nothing that would indicate that Collectia should have used the email address tobiasop1@zecurecode.com. Tobiassen himself believes that they have merged his 2 email addresses, and that is the reason why information has been leaked to the wrong email address.<\/p>\n\n\n\n

\"This could be the tip of the iceberg. If they've made this mistake with me, how many others have they done it to? It's a systemic failure and it shows that companies don't take privacy seriously. I feel completely powerless.\"<\/p>\n<\/div>\n<\/div>\n\n\n\n

\n
\n
<\/div>\n<\/div>\n<\/div>\n\n\n\n

What can you do if you are affected?<\/h2>\n\n\n\n

If you are an Xplora customer and suspect that your personal data has been leaked, you should:<\/p>\n\n\n\n