Date: 2017-07-24
Sweden Accidentally Leaks Personal Details of Nearly All Citizens (thehackernews.com) 113
An anonymous reader quotes a report from The Hacker News: Swedish media is reporting a massive data breach in the Swedish Transport Agency (Transportstyrelsen) after the agency mishandled an outsourcing deal with IBM, which led to the leak of the private data about every vehicle in the country, including those used by both police and military. The data breach exposed the names, photos and home addresses of millions of Swedish citizens, including fighter pilots of Swedish air force, members of the military's most secretive units, police suspects, people under the witness relocation program, the weight capacity of all roads and bridges, and much more. The incident is believed to be one of the worst government information security disasters ever.
In 2015, the Swedish Transport Agency handed IBM an IT maintenance contract to manage its databases and networks. However, the Swedish Transport Agency uploaded IBM's entire database onto cloud servers, which covered details on every vehicle in the country, including police and military registrations, and individuals on witness protection programs. The transport agency then emailed the entire database in messages to marketers that subscribe to it. And what's terrible is that the messages were sent in clear text. When the error was discovered, the transport agency merely thought of sending a new list in another email, asking the subscribers to delete the old list themselves.
This is why the US needs a smaller government... (Score:1)
This is why we need to tear down Hoover Dam and abandon hydroelectric power.
Have you been to Hoover Dam recently? I was there in 2013. The water level has dropped substantially due to global warming. If the water level continues to drop, there won't be enough water to run the turbines.
Jag Ãr Brian och sa Ãr min fru!
once again, slashdot continues to FAIL IT with unicode
A reactor in Chernobyl melted down. Thank goodness this was a singular event [wikipedia.org], not likely to ever happen again.
Um...according to TFA it WAS a corporation (IBM) that coughed up the data.
Nowhere in TFA does it say IBM coughed up the data. It specifically says the government did it.
When the government screws up, you're stuck with it (short of revolution). In fact the way a lot of government union employment contracts are structured, you can't even fire the people responsible for the screwup.
I've never bought into the claim that all government is good and all corporations bad. Nor have I bought into the claim that all corporations are good and all government is bad. Both can do good things, both can do bad things. The trick is figuring out which things one tends to do better than the other, and giving the job to the more capable entity.
You can sue the government in many democracies. Not sure if Sweden is one of those places, but it's certainly not something you can arbitrarily claim without looking into it. (Whether it's useful to sue the government is another question of course..)
and giving the job to the more capable entity
Unfortunately neither organization has mastered preventing human error, so while you're not incorrect.. your statement is rather irrelevant to "someone f'd up," no matter how big an f they upped.
When the government screws up, you're stuck with it (short of revolution).
I don't know where you live but around here we have these things called elections which let us change governments without all the shooting, rioting and deaths of a typical revolution. You should try them, they aren't fantastic but they are a lot better than the alternative.
This is why the US needs a smaller government...
How would a smaller government in the US mitigate a problem in Sweden?
Says a dude that is morbidly obese even while supposedly on a low-calorie, low-carb diet.
A smaller government obviously requires skinnier people.
It took you 10 weeks to lose 10 lbs? And you're bragging?!
According to a coworker who is a martial arts expert, losing a pound per week is sustainable over the long term.
And now it is according to You. You have a reference to a more secure source? Your coworker could have got it from an idiot.
You have a reference to a more secure source?
https://www.cdc.gov/healthyweight/losing_weight/index.html [cdc.gov]
It's natural for anyone trying to lose weight to want to lose it very quickly. But evidence shows that people who lose weight gradually and steadily (about 1 to 2 pounds per week) are more successful at keeping weight off. Healthy weight loss isn't just about a "diet" or "program". It's about an ongoing lifestyle that includes long-term changes in daily eating and exercise habits.
So you're doing the bare minimum and think it's bragworthy?
Yes. Now bitch about something else.
When you're fat and just starting out, you can lose 10 pounds in a week.
If you're a butterball, which I haven't been in 30 years. I rode a bike for 20 years and worked out at the gym for the last ten years. I carry more muscle than fat.
I guess what I'm saying is, a 375 pound man losing 10 pounds in 10 weeks isn't statistically significant enough to imagine a larger trend.
Check back in January when my weight is 325 or so. That was my lowest adult weight when I rode a bike to work for 100 miles per week for three years.
Yes, so long as you aren't simultaneously sustaining any other thing. Like a day job.
I'm joking just a bit, but the word "sustain" is commonly abused in exactly this way.
Weakly sustainable: when just this one thing can be sustained.
Strongly sustainable: a member of the set such that all strongly sustainable things can be sustained at the same time without surpassing the labours of Hercules.
Whenev
[...] have you ever given one hour notice at work, and then set foot in Tibet the very next day?
As an IT Support contractor, I started a job the same day with a four-hour notice (took that long to fill out, notarize and fax the HR paperwork). That has more to do with me being a miracle worker than my weight.
This story is more fun if, in your head, you read the summary using a Swedish accent.
See the løveli lakes
The wonderful telephøne system
And mani interesting furry animals
Including the majestic møøse.
You both use the Norwegian and Danish ö, not the Swedish one.
Nonsense,
The future is the issue, not the cloud.
Swedish Transport Agency uploaded IBM's entire database onto cloud servers
The transport agency then emailed the entire database in messages to marketers that subscribe to it.
were sent in clear text
error was discovered, the transport agency merely thought of sending a new list in another email, asking the subscribers to delete the old list
every conceivable top secret database: fighter pilots, SEAL team operators, police suspects, people under witness relocation.
One of the multiple questions coming to my mind after reading all this is: why are so different types of top-level secret information of a country being stored in the same database?!
The much more logical setup is having different databases in
There's benefits to having everything in one place in terms of performance and data deduplication.. for example, if they had military and driving and health records in three different databases -- that means 3 different copies of a person's name and likely 3 different copies of their address and other "standard" information. That means 3 places it can be screwed up by a clerk mistyping or whatever, and 3 places that need to be updated whenever a person moves or changes their name (direct name changes aren'
Here's some of the excuses:
http://www.expressen.se/nyhete... [expressen.se]
Google translate will do a good work of it.
I'm surprised hospital and psychiatric records aren't available.
SELLING THEIR DATA TO MARKETERS
Good one too. Just the word "marketers" makes the whole thing even weirder.
Well, the vehicle ownership is a matter of public record. I don't know what (if at all) they charge for the database in electronic form. My understanding from the Swedish reporting is that the database that was e-mailed did not contain top secret data or anything national security sensitive. Just that they accidentally sent out the internal database, with actual names and other personal data on people with protected identities (e.g. witness protection).

The outsourcing of all kinds of secret data is a shits
Well the database wouldn't have information about "fighter pilots, SEAL team operators, police suspects, people under witness relocation" but it would have information about people who happen to be those sorts of things. The Scandinavian countries and quite a few other European countries all have a unique "person ID" which is essentially an SSN on steroids. Pretty much any official service or registry that needs to identify you uses that number, so does the bank (no anonymous accounts), the phone company (no a
why are so different types of top-level secret information of a country being stored in the same database?!
I guess it may have been multiple databases but under their control. As for why all of it under their control: Efficiency/savings I guess.
Russian spies just got their requests for a couple of years of sabbatical accepted, because there's no more work to do.
> ..the transport agency then emailed the entire database in messages to marketers that subscribe to it.
This sentence makes no sense. What did the marketers subscribe to? The top secret database??!! This must have been quite a large database, I doubt that you can attach and mail it. Who mailed what to whom?
The whole article reads like something Google translate did on a day when the server was drunk or half asleep.
They subscribed to what should have been the non-secret public database of vehicle ownership (used to target ads to owners of a particular brand of car, issuing parking tickets to registered owners, etc.) Transportstyrelsen e-mailed the unredacted (including true identity of car owners with "skyddad identitet" - protected identity) Excel document to whomever subscribed to the vehicle registry.

http://www.dn.se/nyheter/sveri... [www.dn.se]
I assume it was linked to the shared data? Or something. Whatever.
Very competent.
The director-general of the organisation admitted she had done it/wrong and got 40 days of fines whatever that's called in the US / English. 70,000 SEK = $8,500. So now it's all been covered!
..
I hope they can sue IBM / jail someone for this.
Why would you sue or jail IBM when it was the government agency itself that uploaded the database to a cloud server and then emailed it? It's in the fucking summary.
I hope they can sue IBM / jail someone for this.
Well, at least the director general got an $8,500 fine.
With great.. salary comes.. wait.. I know this one.. a larger parachute?
By the way, did you know our prime minister earns 2 million SEK / year?
Almost twice of what Putin earns, a bit above half of your president but you're a nation of ~33 times more people and well, I guess one could say you'd got competent leaders with authority and responsibility then again with the last guy I know some of you won't agree =P
Anyway, imagine having Putin as president for half the money!!
That's what dreams are made of:
https://www.youtube.com/watch?... [youtube.com]
And this:
https://www.facebook.com/firef... [facebook.com]
Funny this, yesterday, we were discussing the Norwegian story about how everybody has access to everyone else's income, and it's no big deal, since they have a sense of community & everyone trusts each other. Now, I know that Sweden is not Norway, but culturally, from what I understand, very similar. In which case, this accidental leak should be no issue at all, since all Scandinavians are perfectly honest people who wouldn't dream of even SCANNING other people's personal data, let alone steal from th
If the rest of the world can see details about every single driving licence ever issued in Sweden, I see no real harm. But this leak has (at least potentially) exposed things like which vehicles the secret army units have (and how many of them), who the Swedish combat pilots are and where they live, which roads and bridges can support which vehicle types (good to know when invading a country, so
Does that include chest size for the women? We need to know!
Although the data breach happened in 2015, Swedish Secret Service discovered it in 2016 and started investigating the incident, which led to the firing of STA director-general Maria Ågren in January 2017.
Holy shit. I have a hard time wrapping my head around how massive of a fuckup this is.
Ågren was also fined half a month's pay (70,000 Swedish krona which equals $8,500)
Oh. Well hell, that ought to teach her.
The crime she committed ("Recklessness with secret documents") carries a maximum penalty of one year in prison (BrB 19 kap. §9). And although I wouldn't mind seeing her spending some time behind bars, after having read (the redacted, non-juicy, parts of) the Secret service investigation, I wouldn't really put the blame on her.
The whole mess started before she was appointed director of the agency, she seems to basically have been brought in and told: "Sign these documents, otherwise the outsourcing is g
Why would a transport agency have any access to witness relocation data?
I mean witness protection.
The data breach exposed the names, photos and home addresses of millions of Swedish citizens, including fighter pilots of Swedish air force, members of the military's most secretive units, police suspects, people under the witness relocation program, the weight capacity of all roads and bridges, and much more.
Oh yeah, and it also reveals the names of catholic priests, pedophiles, skull-fuckers, rapists, and community leaders. Which, as anyone knows, are all the same people. And fuck, they also reveal who knows about Area 51, alien invaders, and [enter your tinfoil here].
In all seriousness though, wtf is the spin in TFS. It reads as if it was a national security issue, whereas TFS holds that it's about names, photos and home addresses. Not activity.
Fuck you Slashdot editors. You're worthless.
I'll delete it ... (Score:2)
... right after I copy it to safe harbour.
https://slashdot.org/comments.... [slashdot.org]
But ran into a case of communism. Anyway, my comments about the current situation of Sweden still holds:
https://slashdot.org/comments.... [slashdot.org]
https://slashdot.org/comments.... [slashdot.org]
https://slashdot.org/comments.... [slashdot.org]
Though totally unrelated to the leak and 100% about the only party which was voting against letting foreign companies handle this information and the current threats of democracy of Sweden and so on.
Seriously, Russia had been trying to do this for a year, and then Sweden goes and does it for them.

All those wasted hacker hours.

Sigh.