Today Swedish Prime Minister Stefan Lofven confirmed at a press conference that his administration had likely exposed the personal information of millions of Sweden’s citizens.
Back in September 2015 the Swedish Transport Agency outsourced its database and IT service management to private companies in the Czech Republic and Serbia. What seems to have happened is the Government started uploading its Data to the Private companies Cloud Servers where it was accessible to individuals outside of Sweden without the relevant security clearance.
The Data compromised consisted of the names, photos, and home addresses of Swedish citizens being held by the Swedish Transport Agency (STA). And as if that wasn’t bad enough the data was also still available to STA IT workers back in Sweden just after they had been laid off, so any disgruntled ex employees could download to their hearts content.
In March 2016 this information was made available to Marketing Companies (no I don’t know why this information should be sold off either) however this time the information included those with protected identities, i.e. Military Personnel and Witness Protection. The Swedish Secret Service noticed the mistake and notified the STA.
ARE WE GETTING THERE? … NO, NO WE’RE NOT
The database Admins emailed employees identifying all of the information that is supposed to be protected, and they asked vendors to simply remove it from their databases.
The moral of the story here is clearly that you need to be very careful who you instruct to secure your data.
Now don’t get me wrong, mistakes happen but data should always be properly encrypted and clearance to use that data needs to be properly managed, whatever your companies needs Aurora Tech Support can help.