Witness protection program details among data exposed in massive Swedish government data breach

Data from every drivers license, personal details of everyone in its witness relocation program and the country’s elite military units are among the data exposed in Sweden’s biggest ever data breach.

The classified data leak, which Sweden’s PM has called a “disaster,” occurred during an IT outsourcing project at the country’s Transport Agency two years ago.

As the agency rushed to move all its data into an IBM cloud, it says director-general Maria Agren “decided to abstain” from applying internal security guidance as well as three privacy and data protection laws. During the data transfer, all the sensitive information was visible to IBM workers without security clearance in the Czech Republic, Romania and Serbia. IBM is not believed to be at any fault for the exposed information.

Agren was fired in January and fined around €6000 for ‘carelessness’; it was only when a Swedish court found her guilty of exposing classified information on July 6th that the true nature of the leak became public knowledge and a full-blown political scandal got underway.

Was national security impacted?

While there’s no evidence to date that any of the information has been used improperly, Pirate Party founder Rick Falkvinge said the incident “Goes to show, again, that governments can’t keep even their most secret data under wraps,” making any assurances around their capacity to protect citizen information meaningless.

Falkvinge, now head of privacy at Private Internet Access, claimed that because the contract was run via Serbian IBM sub-contractor NCR, “Giving staff in Serbia administrative access to these networks practically guarantees that Russia also has access.” According to Falkvinge, the EU’s secure STESTA network is also connected to the intranet the data leaked from.

Radio Sweden reported that information on whether or not the breach has impacted national security “has been withheld in the Swedish security services’ preliminary investigation.”

Despite its discovery two years ago, work to address the breach has yet to be completed; the Transport Agency says “work is underway to speed up the process.”