[BreachExchange] Finland to investigate Nokia smartphones after data breach

Destry Winant destry at riskbasedsecurity.com
Fri Mar 22 08:54:26 EDT 2019


A software glitch meant data was sent to servers in China, without
customers' knowledge

Finland’s data protection regulator is investigating whether Nokia
breached national laws after a "software glitch" saw user data being
sent to China.

Reuters reported that the country’s data protection ombudsman Reijo
Aarnio said he would ensure user data had not accidentally made its
way over to China and if it had, Nokia device maker HMD Global would
be fully investigated.

Last week, Norwegian public broadcaster NRK reported that some Nokia 7
Plus phones had sent data to a Chinese data server, although it hasn’t
been revealed what kind of information has been transmitted or how
many devices were affected by the potential breach.

A customer reportedly contacted NRK saying they had noticed their
Nokia 7 Plus has been sending packets of unencrypted data to a server
located in China. When further questioned by the news source, HMD
wouldn’t say who owned the server or how the data was being used.

However, the company said in a statement: “We can confirm that no
personally identifiable information has been shared with any third

It added there had been “an error in software packaging process in a
single batch of one device model”.

“Such data was never processed and no person could have been
identified based on this data,” HMD representatives said.

The affected devices have now all apparently been patched and are no
longer beaming information to Chinese servers.

There are concerns that Chinese businesses and potentially, even the
government, are collecting data relating to international citizens for
unlawful reasons.

More information about the BreachExchange mailing list