Sweden Accidentally Leaks Personal Details of Nearly All Citizens
Swedish media is reporting of a massive data breach in the Swedish Transport Agency (Transportstyrelsen) after the agency mishandled a deal with IBM, to outsource database and IT service management. IBM, which in turn outsourced the operations to countries in eastern Europe, with the result that “foreign staff had responsibility for Swedish classified information”.
What’s do we know about what’s been exposed? The agency has information on all vehicles in Sweden, including some, but not all military vehicles. It also is the depository for the nation’s driver’s license data, including photos – which also happens to include individuals under protective order, and those of undercover law enforcement workers. Additionally, the nation’s infrastructure data with respect to roads, ports, air, rail, etc., is under its sway
Although the data breach happened in 2015, Swedish Secret Service discovered it in 2016 and started investigating the incident, which led to the fire of STA director-general Maria Ågren in January 2017. Ågren was also fined half a month's pay (70,000 Swedish krona which equals to $8,500) after finding her guilty of being "careless with secret information," according to the publication. What's the worrying part? The leaked database may not be secured until the fall, said the agency's new director-general Jonas Bjelfvenstam. The investigation into the scope of the leak is still ongoing.
The Swedish prime minister has admitted that the leak of the confidential data of millions of Swedes as a result of the country’s transport agency outsourcing operations to third party contractors is “a disaster”. Speaking in Stockholm on Monday, Stefan Löfven also confirmed that he had known about the leak since January, with other ministers being aware of it as long as 18 months ago