475 points danielstocks | 1 comments
dkersten ◴[] No.27304071[source]
Here's their official statement:

https://www.klarna.com/uk/blog/written-statement-on-app-bug/

Although I dunno about "According to GDPR standards, only non-sensitive data was exposed." since in the Twitter thread someone said:

"This is definitely not a test environment. I was called by someone who was logged in to my account and saw all my personal data including bank details, Klarna card etc."

And while I'm told the bank details are obfuscated (I don't use Klarna, I dunno), I would consider the phone number to be a clear breach of my privacy under GDPR.

Although, the Twitter account that said that has 0 followers, so maybe it's not true. I dunno. I know someone who works for Klarna and he told me: "Full investigation will take time. There's a LOT of engineers working on this. Only confirmation I have currently is that the firstname was visible."

Going by the screenshots, first name and account balance. Doesn't seem that bad from a GDPR point of view. Still bad, of course, but not suuuper sensitive.

EDIT: Nevermind: https://twitter.com/esraefe/status/1397843949985931265

replies(1): >>27309005 #
skeeter2020 ◴[] No.27309005[source]
And this is both maddening AND makes the problem worse (from the CEO):

"We are truly sorry for any inconvenience..."

replies(1): >>27309945 #
1. dkersten ◴[] No.27309945[source]
Oof, yes, it's not about inconvenience...