The Office of the Data Protection Ombudsman imposed a penalty of 1.8 million euros on S-Bank Plc for breaking data security in its online banking authentication service, said the Ombudsman Office in a press release on Wednesday.
The incident of data breaching took place in 2022 due to a software error in the identification service as a result some clients managed to access online accounts of other clients.
The security flaw continued for more than three months from April to August in 2022 and swindlers transferred a significant amount of money from other clients´ accounts.
The Ombudsman Office investigated into the incident in August 2022 and found that the bank authority introduced a new login software in April without examining it properly before starting operation.
It also did not identify the vulnerability before implementation of the new software.
The bank authority, however, announced to compensate the affected clients who lost money due to the breach.
S-Bank Plc has the right to appeal to Administrative Court against the decision.
Earlier in May 2025, the Financial Supervisory Authority (FIN-FSA) imposed a combined penalty payment of EUR 7,670,000 on S-Bank Plc for omissions in the bank’s operational risk management.
- S-Bank
- Fined
- €1.8m
Source: www.dailyfinland.fi
