The error was identified and fixed in February says HMD Global
HMD Global has said reports of an alleged data breach is “misleading” as it insists no personal data has been shared with third-parties.
The firm which acts as the global licensee for the Nokia brand has denied any wrong-doing after an unspecified number of Nokia 7 Plus models were alleged to have sent data to the Chinese server.
The breach was initially reported by Norwegian public broadcaster NRK, who claim it was contacted by a Nokia 7 Plus user which prompted Finland’s data protection ombudsman Reijo Aarnio to call for an investigation.
According to NRK the user said their phone often contacted a server, sending data packages in an unencrypted format.
However HMD Global has fought back against any claims of personal data sharing with a statement issued on March 22.
The firm has also since reached out to the Finnish Ombudsman to clarify events from the misleading and incorrect media report.
In the statement HMD Global said: “We have looked deeply into the case at hand and can confirm that no personally identifiable information has been shared with any third party. We have analysed the case at hand and have found that our device activation client meant for our China variant was mistakenly included in the software package of a single batch of Nokia 7 Plus phones. Due to this mistake, these devices were erroneously trying to send device activation data to a third party server. However, such data was never processed, and no person could have been identified based on this data. To be clear, no personally identifiable information has been shared with any third party.”
All Nokia devices apart from the Chinese variants are stored at HMD Global’s servers in Singapore.