May 27 incident report

On May 27, 2021, Klarna’s app users experienced an incident caused by a faulty configuration change in our app. During a time period of 31 minutes between when the change was introduced and disabling access to our app, some app users saw a subset of their information exposed to other app users. We take the protection of our users’ personal information very seriously and sincerely regret that this incident ever occurred and that we failed to live up to our high standards for privacy.

When mistakes happen and our promises to our customers are broken, it is essential for us to work tirelessly to regain the trust of our customers. As part of our commitment to transparency and openness, we want to publish a full summary of what happened, the implications, a Q&A, and links to further details. If you have questions regarding the incident, you are also more than welcome to contact our customer service.

Background: The issue only affected users of the Klarna app (iOS and Android) NOT our web-based access. The Klarna app has a number of different sections that present different sorts of information sets from a user’s profile. In Figure 1 below, there are examples of such sections, labelled A, B, C. In each one of them, marked with red is the information set that stems from a specific user’s account.

Leave a Comment