Swedish Healthcare Guide, a telephone service that provides Swedes with healthcare information, is likely to be in breach of GDPR after it was discovered that 2.7 million unique voice recordings from the service had been left on an unencrypted, publically accessible server.
The server, which was used to store recordings of phone calls to the Swedish Healthcare Guide service in real-time, held over 170,000 hours of calls. Some dated back as far as 2013.
Many of the calls include the discussion of sensitive healthcare details, while some include social security numbers. A small percentage of the files even include phone numbers in the file names.
The data was available online without any form of password protection or other security, meaning anyone who came across it was able to download and listen to the calls.
Given the sensitive nature of the calls, and the onus on personal data security under GDPR, it is highly likely that Swedish Healthcare Guide is in breach of the regulation.