
Norwegian School App exposes 63,000 school children’s data – fines of €200,000 expected



Norwegian newspaper Aftenposten has revealed a huge security breach in a new app for Norwegian school children. The app “Skolemelding” was not properly tested before it was launched, thereby exposing the data of 63,000 children, says the Norwegian Data Protection Authority (DPA).

The Norwegian Data Protection Authority strongly criticizes Oslo’s Education Office (UDE) and its new app “Skolemelding” (i.e. School message). The app is believed to violate the rules on personal information security, and the DPA now warns of fines of up to 2 million Norwegian kroner (€200,000).

Exposing 63,000 children’s data

“Skolemelding” is an app that was used by the schools in Oslo last year. The purpose of the app was to make it easier for parents and teachers to communicate about the children’s daily life in school.

But Aftenposten found major security flaws in the new app. Everyone who logged in, and others with knowledge of the flaws, could theoretically gain access to the information and communication of the more than 63,000 students in the Norwegian capital.

Case summarized

In 2018 the Norwegian app Skolemelding (i.e. School message) was launched, giving parents of more than 63,000 children in the Norwegian capital Oslo new ways of communicating.
Aftenposten later revealed the app to have major security flaws which exposed the children’s data.

The app did not undergo proper testing

The Norwegian DPA entered the case with such force because a great number of school children’s data had been exposed. The DPA further emphasizes that the responsible party (Municipality of Oslo) did not carry out sufficient testing before the app was launched.

Therefore, the security breaches were not evident to the UDE. However, it was later made clear that the breaches were very well-known breaches, says Bjørn Erik Thon.

Although the bugs were fixed the same day the UDE was notified, the actions taken were not acceptable to the DPA. The UDE is therefore warned of a fine of up to €200,000.

The Education Office now has to decide whether they will accept the fines or not.

We can test if your mobile app is GDPR compliant

Testing your mobile app for security breaches and GDPR readiness is absolutely vital for your brand image and your relationship with your customers.

Here we present a guide to how you can make your company app GDPR and ePrivacy compliant.

Link: How to get mobile app GDPR compliant in 6 easy steps (en)

Link: 6 skritt som gjør at din app tilfredsstiller GDPR (no)

Link: 6 trin til at blive GDPR compliant på din mobil app (da)
