Sweden’s government is under fire for a huge data breach that may have compromised highly sensitive information of almost all of their citizens, including the identities of military personnel.
The shocking data breach was reported by Swedish national newspaper, Dagens Nyheter. The disclosure was made when the newspaper reported that former director general of the Swedish Transport Agency, Maria Agren, was reportedly fired at the beginning of the year for mishandling sensitive information, and fined $8,500 failing to follow data protection laws.
The head of IT at the agency shamefully admitted that “the keys to the kingdom” had been given away.
How it happened…
The Swedish Transport Agency reportedly outsourced the task of managing vehicle registration and driver licencing to a third party company. Although the agreement was worth a hefty $100 million, there were foreign contractors who were reportedly given access to information who had not been properly vetted / screened for security.
The result is that a wealth of sensitive data has been handed over to foreigners who may not have been properly vetted, and the outsourced data may have included information about military assets.
The third party company, IBM, had access to all sorts of infrastructure information. IBM’s subsidiaries across Eastern Europe could see plans and details about bridges, roads, ports and the subway system in Sweden’s capital, Stockholm.
As IBM also manages driver licencing, anyone with a licence may have had their identity exposed. This may have included pilots, train conductors and air traffic controllers.
According to the Swedish newspaper, it doesn’t stop there… People with protected identities can reportedly be traced, and so can armoured vehicles as well as schedules for the transportation of valuables and cash.
In the wrong hands, this kind of data could do irreversible damage to many innocent people!
A “very serious” breach
The Director general and head of Swedish Security Services, Anders Thornberg, described the situation as:
“Very serious because it could damage our operational business that we are conducting every day in order to protect Sweden.”
Although the seriousness of the data breach is not to be undermined, officials are apparently glad that there was no malicious intent involved in the leak. Whenever a company or organisation has control over data, they must ensure that there are steps to prevent accidental or malicious data leaks from happening.
A “total breakdown”
Swedish Prime Minister, Stefan Lofven, called the incident “a total breakdown” that is “incredibly serious”! He goes on to say “it’s a violation of the law and puts Sweden and its citizens in harm’s way”.
Other members of Parliament remain very concerned over the incident, especially for an apparent delay in reporting the breach. The nature of the data breach may lead to public outcry over the Swedish government’s ability to keep confidential information safe.
Authorities have been investigating the data breach and found that three individuals utilised the opportunity to access the information without authorisation. With a lack of security protocols in place, the unnamed persons could have stolen information or copied it and removed any trace of it.
Ongoing concerns over cybersecurity and government cuts
Cybersecurity expert, Bengt Erik Angerfelt, expressed his concerns over the imbalance of priorities over cybersecurity and government cuts:
“…one is trying to do things as cheaply as possible and it’s expensive to hire your own personnel. To do security checks on personnel in other countries is difficult.”
Angerfelt has worked in IT security for the Swedish police, Sapo and Interpol.
If the Swedish government want to maintain public confidence, they will have to show they are serious about data protection and take steps to ensure the safety of the information they hold about their people.
IMPORTANT: advice on this page is intended to be up-to-date for the 'first published date'.
Request a call back from our team
Fill out our quick call back form below and we'll contact you when you're ready to talk to us.
All fields marked with an * are required.