Breach of personal data security in Aalborg Municipality

Earlier this year, Aalborg Municipality detected a breach of personal data security, where a large number of employees at the municipality, North Jutland Emergency Services and Aalborg Forsyning were able to access files with sensitive personal information.

Aalborg Municipality writes this in a notice on the municipality’s website.

The files have been stored in a number of shared drives, and here it has been possible to find information such as CPR numbers, names, telephone numbers and addresses of current and former citizens of the municipality.

– We have no reason to believe that employees have accessed files with personal data on shared drives that are unrelated to their work, but since we cannot document that this has not happened either, we choose to notify about the security breach just in case. , Aalborg Municipality writes in the announcement.

Not possible to inform all those affected

Due to the scope and complexity of the breach, it is not possible for Aalborg Municipality to inform all the affected citizens directly. Therefore, the majority of those affected are informed via the public notice on the municipality’s website.

Only a few people will receive a direct message from Aalborg Municipality about the breach, which will come as a letter directly in the digital post.

After the security breach was discovered, all shared drives have been shut down so that it is no longer possible for employees to access the files stored on them.

– Going forward, Aalborg Municipality will limit the use of shared drives and investigate whether it is possible to stop using such shared drives, writes the municipality in the announcement.

The breach of personal security was discovered on 22 January and reported to the Norwegian Data Protection Authority on 25 January.