Swedish Transport Agency data breach compromised personal data of millions of citizens

Swedish Transport Agency data breach compromised personal data of millions of citizens

Swedish Transport Agency data breach compromised personal data of millions of citizens

In a major lapse, the Swedish Transport Agency leaked sensitive details of millions of transporters and military personnel to unauthorised individuals when it uploaded its database on the cloud in plain text.

The Swedish Transport Agency says it is taking steps to ensure such a lapse will not happen again.

In 2015, the Swedish Transport Agency hired IBM to manage its databases and networks, part of which involved sharing everything the agency had with the company. During the transfer, the agency uploaded its entire database on a cloud server and then emailed the database to marketers in plain text.

Sensitive details of 3 million WWE fans exposed on unprotected cloud storage

At the same time, the agency also gave unrestricted access to the database to IBM employees located in the Czech Republic as well as in other countries. As such, unauthorised IBM employees and marketers could easily access the Transporter’s database without having to break a sweat.

According to The Hacker News, the data breach exposed ‘names, photos and home addresses of millions of Swedish citizen, including fighter pilots of Swedish air force, members of the military’s most secretive units, police suspects, people under the witness relocation programme, the weight capacity of all roads and bridges, and much more’.

The breach was discovered by Swedish authorities almost a year after it took place and subsequent investigations resulted in the dismissal of the agency’s Director General Maria Ågren in January this year. She was also fined half a month’s pay for being careless with secret information.

Global businesses facing cyber-attacks thanks to unregulated insider access

‘The best way to reduce the risk of deliberate or accidental data exposure is to limit access to those who need it the most – keeping sensitive data locked down – and to monitor data access so that when something suspicious happens, you can catch it before it turns into global headlines,’ says Ken Spinner, VP of Global Field Engineering, Varonis.

Spinner adds that employees cutting corners, making simple mistakes and not following security habits end up causing serious breaches.

‘Limiting data access and taking a privacy-by-design approach goes a long way in proactively protecting critical data. Perhaps most importantly, government agencies – and any organisation that processes and stores sensitive data – need to establish and uphold strong cybersecurity and data protection practices: not only for internal use but for all third party contractors as well,’ he adds.

Copyright Lyonsdown Limited 2021

Top Articles

RockYou2021 data leak: 8.4 billion passwords compromised

A report shows that 100GB of data which includes 8.4 billion passwords have been recently leaked on the internet, people are being encouraged to secure their accounts.

Hackers Breach Electronic Arts & Steal Game Code

Electronic Arts, one of the world's biggest video game publishers including games such as FIFA, Madden, Sims and Medal of Honor, are the latest company to be hacked.

JBS Foods paid £7.7m in ransom to REvil ransomware gang

JBS Foods, the world’s largest processor of beef and poultry products, has admitted to paying a ransom of $11 million to cyber criminals, a week after it announced that operations…

Related Articles

[s2Member-Login login_redirect=”https://www.teiss.co.uk” /]