Data Breach

Worst known governmental leak ever affected the Swedish Transport Agency. Homeland security at risk

Worst known governmental leak ever affected the Swedish Transport Agency, data includes records of members of the military secret units.

Sweden might be the scenario for the worst known governmental leak ever, the Swedish Transport Agency moved all of its data to “the cloud,” but it transferred it to somebody else’s computer.

The huge trove of data includes top secret documents related to the fighter pilots, SEAL team operators, police suspects, people under witness relocation.

“The responsible director has been found guilty in criminal court of the whole affair, and sentenced to the harshest sentence ever seen in Swedish government: she was docked half a month’s paycheck.” wrote PrivacyNewsOnline.

Full data of top-secret governmental individuals, including photo, name, and home address, was leaked.

Director General Maria Ågren in Sweden was fined half a month’s salary in a very short trial.

Further investigation in the governmental data leak revealed that the Swedish Transport Agency moved all its data to “the cloud”, as managed by IBM, two years ago, but suddenly the Director General of the Transport Agency, Maria Ågren, was quickly retired from her position in January 2017.

On July 6 it was disclosed the news that the Director was found guilty of exposing classified information in a criminal court of law.

But on July 6th, she is known to be secretly investigated to have cleared confidential information. According to the Security Unit for Security Objectives, the data may damage the security of the country. She is ordered to pay 70,000 kronor in daily fines.” reported the website SvtNyHeater.se.

“Among other things, the entire Swedish database of driving license photos has been available to several Czech technologies, which have not been tested for security. This means that neither the SÄPO nor the Transport Agency had control over the persons who handled the information that could be said to damage the security of the country.

Leaked data included information related to people in the witness protection program and similar programs. This information was wrongly included in the register distributed outside the Agency as part of a normal procedure. Another unacceptable mistake was discovered by the investigators when a new version without the sensitive identities was distributed, the Agency did not instruct recipients of destroying the old copy.

“Last March, the entire register of vehicles was sent to marketers subscribing to it. This is normal in itself, as the vehicle register is public information, and therefore subject to Freedom-of-Information excerpts.” continues the Swedish website. “What was not normal were two things: first, that people in the witness protection program and similar programs were included in the register distributed outside the Agency, and second, when this fatal mistake was discovered, a new version without the sensitive identities was not distributed with instructions to destroy the old copy. Instead, the sensitive identities were pointed out and named in a second distribution with a request for all subscribers to remove these records themselves. This took place in open cleartext e-mail.”

Sensitive data on Swedish vehicles was released to companies with no security clearance. Credit: Jonas Ekströmer/TT

Leaked information is precious data for a foreign government in an Information warfare scenario, data includes records of fighter pilots in the Air Force, policemen, and members of the military’s most secret units.

The archive also includes any kind of information about any government and military vehicle, including their “operator, which says a ton about the structure of military support units;”

The PrivacyNewsOnline confirmed that the governmental data leak is still ongoing and that it can be expected to be fixed “maybe this fall”.

“Much of the available analysis of the leak is still in the form of fully-redacted documents from the Security Police and similar agencies.” concluded the news agency.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs –  (Sweden governmental leak, Swedish Transport Agency)

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during…

8 hours ago

INC Ransom stole 3TB of data from the National Health Service (NHS) of Scotland

The INC Ransom extortion group hacked the National Health Service (NHS) of Scotland and is threatening…

12 hours ago

CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft SharePoint vulnerability disclosed at the…

18 hours ago

The DDR Advantage: Real-Time Data Defense

This is the advantage of Data Detection and Response (DDR) for organizations aiming to build…

21 hours ago

Finnish police linked APT31 to the 2021 parliament attack

The Finnish Police attributed the attack against the parliament that occurred in March 2021 to…

1 day ago

TheMoon bot infected 40,000 devices in January and February

A new variant of TheMoon malware infected thousands of outdated small office and home office…

1 day ago

This website uses cookies.