In capsule:
- Swedish transport agency accidentally exposed data about every vehicle in the country.
- Data containing classified information were also exposed and that can put both individuals and nation at risk.
- The breach happened in 2015 when agency handed over their maintenance contract to IBM to manage their data and network.
- When the agency accidentally emailed their entire database in clear text messages to every marketer to subscribe it the data were leaked.
- When the error was found agency mailed another new list and told the subscribers to delete the old list.
- Director General of the Transport Agency, Maria Ågren was fired and fined half a month pay for this.
- According to the new director-general of transport agency, the breach cannot be secured until this fall.
Swedish media reports data breach in Swedish transport agency which led to the leakage of details of every vehicle including police and military. The details include names, photos, address of everyone including details of persons which are supposed to be secret. The breach happened in 2015 when the Swedish transport agency handed over a contract to IBM to manage their database and networks. The database was uploaded to IBM Cloud which has the details of every vehicle in the country and including the details of individuals on witness protection programs. The leakage happened when the transport agency emailed their entire database in clear text messages to marketers to subscribe it, and when the error was found, the agency mailed another email with the new list and told subscribers to delete the old list. The problems got bigger when the IBM staffs from outside the country were allowed access to the transport agency’s systems without any proper security clearance. According to media reports, IBM staffs in the Czech Republic were given access to systems data and logs.and a company in Serbia managed the firewalls and communications. Rick Falkvinge, founder of Pirate Party and now head of privacy at VPN provider Private Internet Access has been working on this scandal to bring out every detail said that the incident “exposed and leaked every conceivable top secret database: fighter pilots, SEAL team operators, police suspects, people under witness relocation." According to Rick Falkvinge, the data leakage exposed the Names, photos, and home addresses of fighter pilots in the Air Force, of individuals who are in a witness relocation program and details of everybody in police registers. Also exposed the details of all operators in the military’s most secret units – equivalent to the SAS or SEAL teams. The weight capacity of all roads and bridges (which is crucial for warfare, and says a lot about what roads are intended to be used as wartime airfields) and Type, model, weight, defects of any and all government and military vehicles, including their operator, which says a ton about the structure of military support units. Most of the data leaked are believed to classified and can poses threat to both individual and nation. Swedish secret service discovered the breach in 2016 and fired the Director General of the Transport Agency, Maria Ågren. She was also fined half a month’s pay. According to the new director-general Jonas Bjelfvenstam the investigation is still going, and leakage expected to be fixed by this fall said in a statement.
