Sweden exposed sensitive data on citizens, military personnel

By on
Sweden exposed sensitive data on citizens, military personnel

Sent unredacted drivers licence database to marketers.

Swedish authorities are battling to contain a major privacy breach that has seen sensitive information on its citizens and the country's military leaked to companies and individuals outside the Nordic nation.

In 2015 the Swedish Transport Authority hired IBM to move the country's drivers licence register to the cloud. IBM in turn used subcontractors in the Czech Republic and Romania.

These contractors were given access to the full dataset from the Transport Authority, which included information like photographs and home addresses on Swedish Air Force and special forces personnel.

The overseas contractors did not have security clearance to view such sensitive information, which also included road and bridge weight capacities and whether a vehicle is armoured, Sweden's national TV broadcaster SvT reported.

People in witness protection programs were also included in the drivers licence data.

Rather than making available a redacted version of the database, the Swedish Transport Authority instead sent out clear text emails to the companies asking them to manually delete the sensitive information they held.

The email messages listed the full details of the individuals the government agency wanted removed.

While the data breach took place in March last year when the unredacted information was made available, the scandal has only now come into the public eye.

Sweden's government knew about the data breach last year but kept quiet about it, according to SvT.

The general-director of the Swedish Transport Authority, Maria Ågren, resigned from her position in January this year.

Her resignation was originally attributed to differences with the government, but in July this year, Ågren was fined SEK 70,000 (A$10,740) for leaking classified information and harming national security.

Speaking to Swedish media, the newly appointed general-director of the country's Transport Authority, Jonas Bjelfvenstam, said the government agency has embarked on a set of measures to improve its IT security, but cannot guarantee that foreigners without security clearance won't have access to the sensitive data in the drivers licence database.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.

Most Read Articles

Log In

  |  Forgot your password?