Sweden: largest data leak in the country’s history could have been easily avoided
In trying to save money for outsourcing its database, the Swedish Transport Agency (STA) caused the biggest data leak in Swedish history. The potentially dramatic consequences of this leak, and the detached reaction of the Swedish government, give food for thought.
In 2015, in order to reduce operating costs, the Swedish Transport Agency (STA) decided to outsource the management of its database and IT infrastructure by delegating it to two companies: IBM in the Czech Republic, and NCR in Serbia. Given the sensitive nature of this data, it should have been accessible only to carefully selected authorized personnel. However, in order to save even more money, STA was quick to deploy the system, even if it meant circumventing essential security rules. This is how the biggest data breach occurred in the history of Sweden .
Sweden: a leaking database containing a lot of sensitive information
According to Infosecurity Magazine, the database included vehicle registration data from all Swedish citizens , data on military and government vehicles, data on the weight capacity of all bridges and roads in the country, names, photos, and addresses of Air Force pilots, police suspects, and all government-protected witnesses.
Furthermore, some fear that the European Union’s STESTA network will also be compromised . This network was connected to the government intranet. In addition, given Serbia’s recent rapprochement with Russia, it is possible that information from this database may end up in the hands of Russian intelligence agencies.
Swedish detached government behavior alarming
Beyond the direct consequences of this leak, the fact that Sweden, a member of the European Union and NATO, can neglect such sensitive information to this point, is very worrying . The STA has leaked personal data of Swedish citizens, crucial data for the defense of the country, but has also compromised the security of the European Union intranet. Worse, the Swedish government’s detached reaction to this scandal is simply surreal.
Documents published following this affair show that the government, and more particularly the Minister of the Interior and the Minister of Infrastructure, have known for 18 months that these data were not secure. However, they chose not to react, or even to point the finger at the problem. The person responsible for this disaster, however, admitted criminal negligence in the handling of this confidential information, and was fined equivalent to half a month’s salary .
Faced with scandalized reactions from citizens, both inside and outside Sweden, let us hope that the government takes action so that such an event never occurs again. The Swedish Prime Minister described the leak as a real disaster . We bet that Sweden will learn the right lessons from this event, and will understand that choosing the cheapest solution is not always a good idea in the field of cloud and Big Data.