A person examining stock market indices on a smartphone in Helsinki in November 2020. Nordnet could face an administrative penalty payment worth millions of euros depending on the scope of the technical incident that allowed some customers to access the personal details, savings accounts and investment portfolios of others on Tuesday, 11 February 2025. (Emmi Korhonen – Lehtikuva)
- Next Article Helsinki offers discounted daytime access to sports facilities
THE TECHNICAL INCIDENT at Nordnet that allowed customers to access the personal and account details of other customers could have substantial repercussions also for the investment platform, Deputy Data Protection Ombudsman Heljä-Tuulia Pihamaa said to Helsingin Sanomat on Tuesday.
“We’re talking about a security breach of personal information,” she summarised to the newspaper.
Pihamaa said Nordnet has to provide authorities with a report of how some customers were able to access the personal details, savings accounts and investment portfolios of others within 72 hours of when the incident was discovered. Users of Nordnet began encountering problems at approximately noon yesterday, some landing on the account of another user after logging in and others being unable to access the platform at all.
Media reports indicate that users may have also been able to submit market orders on behalf of others.
Nordnet has about 630,000 customers in Finland.
Pihamaa told Helsingin Sanomat that the data protection ombudsman is investigating the incident in co-operation with authorities in Sweden, Nordnet being headquartered in Sweden.
“We’re looking closely into what happened and into whether possible repercussions from data protection authorities are warranted.”
The repercussions could entail a reprimand, an order to comply with regulations, a prohibition on processing personal information or an administrative penalty payment that could be worth millions of euros. Under Finnish law, such a penalty payment must not exceed four per cent of the revenue of the subject.
Pihamaa reminded that the service provider also has obligations to its customers: after determining which of its customers were affected, it has to inform each customer of the issue personally.
Sven-Eric Holmström, the chairperson of Finnish Shareholders’ Federation, similarly described the incident as serious in an interview with Helsingin Sanomat on Tuesday. He argued that the fact that some customers were able to access and technically make market orders in the portfolios of others constitutes a violation of banking secrecy, as well as the statutory obligation to protect investments.
Holmström reminded that customers who submitted market orders on the account of other customers engaged in deliberate wrongdoing.
“Does the broker take responsibility if this has happened? What happens if large transactions have tax consequences? These are big questions,” he said to the newspaper. “Also the reputational damage is considerable.”
“This kind of an incident should never happen. I don’t even understand how this is possible,” he said.
Aleksi Teivainen – HT
- Next Article Helsinki offers discounted daytime access to sports facilities
Source: www.helsinkitimes.fi
