Technology 3 min read

Massive Swedish Data Breach: IBM and Government to Blame

Akela999 |

Akela999 |

Sweden is now battling a catastrophic data breach that has seen millions of bytes of sensitive data exposed to the public and left the country’s security at risk.

According to reports, the data leakage was due to the mishandled outsourcing deal that the Swedish Transport Agency (Transportstyrelsen) got into with IBM. Apparently, the mishap led to the leakage of personal information and confidential government data.

Mountains of personal data #leaked by #Swedish government.Click To Tweet

The data breach purportedly exposed the names, photos, and home addresses of millions of Swedish citizens.

Not only that, but it also includes data of Swedish air force fighter pilots, all members of the government’s secret military units, crime suspects, people under the witness relocation program. If you thought that was bad, even the weight capacity of all roads and bridges in Sweden was leaked.

How the Swedish Data Breach Happened

In May 2015, the Swedish Transport Agency, under its then Director General Maria Ågren, awarded IBM a contract to manage its database and network.

It was said that IBM was given the signal to upload all available information from the agency’s database to the ‘cloud.’ However, IBM outsourced subcontractors from Eastern Europe, including the Czech Republic and Serbia, to do the task.

IBM authorized and has given the subcontractors access to the full dataset without seeking security clearance from the Swedish government or the agency. Further reports suggest that the subcontractors were able to view sensitive information such as names, photos, and addresses of Swedish citizens and some military personnel coming from emails sent by the Swedish Transport Agency itself.

It appears that instead of providing a redacted version of the database to IBM, the Swedish Transport Agency provided the database in clear text emails to the companies involved, asking them to delete all sensitive information they held manually.

“There’s an enormous amount of data in Swedish about the overall leak scandal, but among all that data, one piece bears mentioning just to highlight the generally sloppy, negligent, and indeed criminal, attitude toward sensitive information,” Rick Falkvinge, Head of Privacy at Private Internet Access and the founder of the first Pirate Party who brought the issue to the attention of international press, was quoted as saying.

According to reports, the breach took place in September 2015 when the unrestricted information was made available to people with no security clearance. However, only in March last year that the Swedish Secret Service realized what happened and started its investigation.

STA Director Resigned: Fine Worth Only $8,500 USD

Following the mishap, authorities charged STA director general Maria Ågren in 2016 and early this year she was forced to resign.

The Swedish courts found her guilty of negligence, but her sentence was seen as ludicrous by the public, with the court only fining her half of her monthly salary. Falkvinge said:

“Given how much the establishment has got each other’s backs, this sentence was roughly equivalent to life in prison for a common person on the street, meaning they must have done something really awful to get not just a guilty verdict, but actually be fined half a month’s salary.”

Right now, the Swedish government is still in the process of investigating the extent of the breach if IBM or NCR employees were granted access to the European Union’s secure STESTA intranet or the Swedish Government Secure Intranet (SGSI)

Do you think the Swedish court has shown too much leniency towards Maria Ågren? What should be her punishment for her part in this Swedish data breach?

First AI Web Content Optimization Platform Just for Writers

Found this article interesting?

Let Chelle Fuertes know how much you appreciate this article by clicking the heart icon and by sharing this article on social media.

Profile Image

Chelle Fuertes

Chelle is the Product Management Lead at INK. She's an experienced SEO professional as well as UX researcher and designer. She enjoys traveling and spending time anywhere near the sea with her family and friends.

Comment (1)
Least Recent least recent
  1. geoh777 September 30 at 7:54 pm GMT

    “What should be her punishment for her part in this Swedish data breach?”

    No one, except for muslims, wants to invade Sweden, so she should be fined half of a months’s salary.

share Scroll to top

Link Copied Successfully

Sign in

Sign in to access your personalized homepage, follow authors and topics you love, and clap for stories that matter to you.

Sign in with Google Sign in with Facebook

By using our site you agree to our privacy policy.