The Finnish data protection watchdog has confirmed it’s investigating HMD Global’s Nokia-branded phones over reports they were found to be sending unencrypted data to a Chinese server. Details first emerged after a user, Henrik Austad, tipped off the Norwegian broadcaster NRK, who investigated the breach, Reuters reports.
NRK’s investigation revealed that the server being contacted was associated with the domain “vnet.cn,” which is linked to the state-owned telco China Telecom. The data was being sent in an unencrypted format by a Nokia 7 Plus, a phone first released in March last year.
Responding to the report, HMD Global — which manufactures Nokia-branded phones under license from Nokia — admitted that the breach occurred, and said that it was caused by “an error in software packaging process.” However, it sought to downplay its significance, saying that only “a single batch of one device model” was affected, and that “no personally identifiable information has been shared with any third party.” HMD hasn’t explained why data was being sent to a Chinese server, though.
Although the bug was patched back in February, the Finnish ombudsman will be investigating whether any personal information was sent, as well as whether there was any legal justification for doing so.