What began as a scandal earlier in July, has now escalated into a full-blown political crisis for the Swedish government, as the extent of the confidential data leak has become known.
The back story goes a little something like this…
The sensitive and personal data of millions of transporters in Sweden, alongside the nation’s military secrets, have been exposed – putting every individual in Sweden, as well as their national security, at risk.
Thinking they were moving sensitive data to the cloud, under a 2015 outsourcing agreement with IBM, the Swedish Transport Agency (STA) inadvertently send all this confidential data to marketers who had subscribed to updates from the Agency. As if it weren’t bad enough that this information was sent out in the first place, to add insult to injury, the information was completely unencrypted.
Once aware of the error, the Agency then decided that the appropriate action was simply to send another email to the subscriber list asking them to delete the information they had been sent, and no further action. Not only was the information available to those on the subscriber list, but could also be accessed by IBM employees working in the Czech Republic without any security clearance (something which was waived by the STA Director General, Maria Ågren).
Pirate Party Founder Rik Falvinge, who is also head of privacy at VPN provider Private Internet Access, the incident “exposed and leaked every conceivable top secret database: fighter pilots, SEAL team operators, police suspects, people under witness relocation. Names, photos and home addresses: the list is just getting started”.
Although the breach took place in 2015, Swedish Secret Service discovered it in 2016, and began investigating the incident. In January 2017, Maria Ågren was fired from her position, and fined the somewhat farcical amount of half a month’s pay after being found guilty of being “careless with secret information” – a total of 70,000 Swedish Krona, which equates to $8,500.
Where it has now gotten sticky for the Swedish government is that it has come to light that several government ministers had known about the data breach for at least 18 months, but had failed to inform the Prime Minister. Since this revelation, two cabinet ministers have stepped down from their roles.
The show must go on for the Swedish Government, as they scramble to contain the damage, but one thing is for sure – they will most definitely be looking into implementing a solution that minimises the risk this kind of damaging data breach from ever happening again.