Swedish Government Blamed for Mega Data Leak

Written by

The Swedish government is facing intense criticism after reports claimed it responsible for one of the world’s biggest and most damaging public sector data breaches ever recorded.

Local media reports summarized by The Local claim that the incident stemmed from the Swedish Transport Agency (STA), which outsourced its IT infrastructure to IBM back in 2015 apparently without mandating the requisite security clearance checks for staff.

This meant that outsourced workers in the Czech Republic and, more importantly, Serbia – which is said to have a close relationship with Russia when it comes to sharing intelligence – were able to access the documents.

The decision to outsource was apparently taken for financial reasons, while the subsequent disregard for security checks was a result of time constraints, as the STA had already started sacking employees.

The documents in question included: vehicle registration data from every Swedish citizen, data on all government/military vehicles, the weight capacity of all roads and bridges, names, photos and home addresses of Air Force pilots, police suspects, elite SAS-style operatives and anyone in a witness protection scheme.

There are also fears that the European Union’s secure network STESTA may have been compromised, as it is linked to the Swedish government’s supposedly secure intranet.

In March last year, the entire vehicle register was sent to subscribing marketers, but crucially this list contained individuals from witness protection and similar programs. When the error was discovered, these highly sensitive identities were actually pointed out by the agency to recipients with a request they be deleted, according to Swedish Pirate Party founder, Rick Falkvinge.

The details are only just emerging thanks to an investigation by the Swedish security service Säpo.

Campaigners are outraged that the only outcome of the incident thus far is that former STA director general, Maria Ågren, was retired swiftly from her role and fined half a month’s salary.

“Many governments have had partial leaks in terms of method (Snowden) or relations (Manning) lately, but this is the first time I’m aware that the full treasure chest of every single top-secret governmental individual with photo, name and home address has leaked,” wrote Falkvinge.

“It goes to show, again, that governments can’t even keep their most secret data under wraps — so any governmental assurances to keep your data safe have as much value as a truckload of dead rats in a tampon factory.”

The leak is apparently still ongoing, with reports suggesting it may be fixed by autumn. Many more details could still emerge, as much of the info so far is redacted in official police documents, he claimed.

What’s hot on Infosecurity Magazine?