A massive data breach exposing the names, photos and home addresses of millions of Swedish citizen, including fighter pilots of Swedish air force, members of the military’s most secretive units, police suspects, people under the witness relocation programme, the weight capacity of all roads and bridges, and more, in the Swedish Transport Agency (Transportstyrelsen) is being reported by Swedish media after the agency mishandled an outsourcing deal with IBM, leading to the leak of the private data about every vehicle in the country.
The Swedish Transport Agency hand over IBM an IT maintenance contract to manage its databases and networks in 2015, having uploaded IBM’S entire database onto cloud servers covering the details on every vehicle in the country, including police and military registrations, and individuals on witness protection programs.
The transport agency then emailed the entire database in clear text messages to marketers that subscribe to it.
Having the error discovered, the transport agency only sent a new list in another email, asking the subscribers to delete the old list on their own.
Outside Sweden, the outsourcing deal gave IBM staff access to the Swedish transport agency’s systems without proper security clearance checks.
Swedish Secret Service discovered the data breach in 2016 and started investigating the incident, leading to the fire of STA director-general Maria Ågren in January 2017.
However, Sweden’s PM Lefovin says a security leak in the transport agency two years ago was “a disaster,” but it is unclear what damage it may have caused and data leak was revealed after security police investigated the outsourcing of services by the Swedish Transport Agency finding IT workers in other countries.
Lofven also said the data leak was revealed after Sweden security police investigated the outsourcing plans. And after he heard about the breach in January 2017, the head of the agency was fired according to Lefovin.
He said in a conference,