Sweden’s financial services watchdog is investigating an IT incident at fintech unicorn Klarna which enabled users to briefly access the information of others.
The incident, in May, was caused by human error, according to Klarna, and meant that for 30 minutes, user information was visible to other customers.
According to Reuters, the Finansinspektionen, Sweden’s financial services regulator, said it “will investigate whether Klarna has violated bank secrecy in connection with an IT incident in May where the bank’s customers were able to access information about each other for a limited time”.
The regulator added: “Bank secrecy is a central part of banks’ operations. Bank customers must know that their information is secure and banks have a major task in always protecting the privacy of their customers.”
Klarna, founded in 2005, is based in Stockholm and is one of a number of startups described as unicorns – meaning it has a valuation of more than $1bn. It is best known for providing “buy now, pay later” payment services to online retailers, enabling consumers to take advantage of interest-free finance.
It received a full EU banking licence from Finansinspektionen in 2017 and has spread its business and expanded its portfolio. The company has about 3,000 employees, most of them in Stockholm.
A spokesperson for Klarna told Reuters that the regulator’s inquiry was “very much expected as part of our regular dialogue with the Swedish FSA and, as always, we approach this with full cooperation and transparency”.
The fintech has already been in the crosshairs of the UK’s data privacy regulator for a separate incident. In October last year, the Information Commissioner’s Office (ICO) investigated the company over an apparent accidental misuse of data obtained from the online retailers to which it provides services.
The ICO received more than 90 complaints from angry consumers who received a weekly newsletter email from Klarna on 12 October 2020, despite never having used its service themselves, or given it their data or permission to use it.
Klarna cited human error as the cause. At the time, a spokesperson said: “We are aware that on 12 October, some people received our weekly newsletter by mistake. This was a human error and the email was incorrectly sent, for which we are extremely sorry.”
Separately, Klarna recently raised $639m from a group of investors led by SoftBank, taking its valuation to about $46bn, which is more than several of the Nordic region’s major banks. Its growth has been rapid after it raised €424m from a new capital funding round in August 2019. Klarna’s market value was then about €5bn.