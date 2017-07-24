Sweden Accidentally Leaks Personal Details of Nearly All Citizens (thehackernews.com) 66
An anonymous reader quotes a report from The Hacker News: Swedish media is reporting of a massive data breach in the Swedish Transport Agency (Transportstyrelsen) after the agency mishandled an outsourcing deal with IBM, which led to the leak of the private data about every vehicle in the country, including those used by both police and military. The data breach exposed the names, photos and home addresses of millions of Swedish citizen, including fighter pilots of Swedish air force, members of the military's most secretive units, police suspects, people under the witness relocation program, the weight capacity of all roads and bridges, and much more. The incident is believed to be one of the worst government information security disasters ever.
In 2015, the Swedish Transport Agency hand over IBM an IT maintenance contract to manage its databases and networks. However, the Swedish Transport Agency uploaded IBM's entire database onto cloud servers, which covered details on every vehicle in the country, including police and military registrations, and individuals on witness protection programs. The transport agency then emailed the entire database in messages to marketers that subscribe to it. And what's terrible is that the messages were sent in clear text. When the error was discovered, the transport agency merely thought of sending a new list in another email, asking the subscribers to delete the old list themselves.
Um...according to TFA it WAS a corporation (IBM) that coughed up the data.
Re: (Score:2)
When the government screws up, you're stuck with it (short of revolution). In fact the way a lot of government union employment contracts are structured, you can't even fire the people responsible for the screwup.
I've never bought into the claim that all government is good and all corporations bad. Nor have I bought into the claim that all corporations a
Seriously? (Score:4, Insightful)
Swedish Transport Agency uploaded IBM's entire database onto cloud servers
The transport agency then emailed the entire database in messages to marketers that subscribe to it.
were sent in clear text
error was discovered, the transport agency merely thought of sending a new list in another email, asking the subscribers to delete the old list
every conceivable top secret database: fighter pilots, SEAL team operators, police suspects, people under witness relocation.
One of the multiple questions coming to my mind after reading all this is: why are so different types of top-level secret information of a country being stored in the same database?!
The much more logical setup is having different databases in
Im surprised hospital and psychiatric records arent available.
SELLING THEIR DATA TO MARKETERS
Good one too. Just the word "marketers" makes the whole thing even weirder.
Russian spies just got accepted their requests for a couple of years of sabbatical, because there's no more work to do.
Marketers subscribe (Score:5, Insightful)
..the transport agency then emailed the entire database in messages to marketers that subscribe to it.
This sentence makes no sense. What did the marketers subscribe to? The top secret database??!! This must have been quite a large database, I doubt that you can attach and mail it. Who mailed what to whom?
The whole article reads like something Google translate did on a day when the server was drunk or half asleep.
I hope they can sue IBM / jail someone (Score:2)
I hope they can sue IBM / jail someone for this.
Why would you sue or jail IBM when it was the government agency itself that uploaded the database to a cloud server and then emailed it? It's in the fucking summary.
Shouldn't matter to Swedes, since... (Score:2)
Funny this, yesterday, we were discussing the Norwegian story about how everybody has access to everyone else's income, and it's no big deal, since they have a sense of community & everyone trusts each other. Now, I know that Sweden is not Norway, but culturally, from what I understand, very similar. In which case, this accidental leak should be no issue at all, since all Scandinavians are perfectly honest people who wouldn't dream of even SCANNING other people's personal data, let alone steal from th
Best incident response policy ever! (Score:2)
Old news? (Score:2)
Although the data breach happened in 2015, Swedish Secret Service discovered it in 2016 and started investigating the incident, which led to the fire of STA director-general Maria Ågren in January 2017.
Holy shit. I have a hard time wrapping my head around how massive of a fuckup this is.
Ågren was also fined half a month's pay (70,000 Swedish krona which equals to $8,500)
Oh. Well hell, that ought to teach her.
Witness relocation (Score:2)
Why would a transport agency have any access to witness relocation data?
I mean witness protection.
Wtf is this spin? (Score:2)
The data breach exposed the names, photos and home addresses of millions of Swedish citizen, including fighter pilots of Swedish air force, members of the military's most secretive units, police suspects, people under the witness relocation program, the weight capacity of all roads and bridges, and much more.
Oh yeah, and it also reveals the names of catholic priests, pedophiles, skull-fuckers, rapists, and community leaders. Which, as anyone knows, are all the same people. And fuck, they also reveal who knows about Area 51, alien invaders, and [enter your tinfoil here].
In all seriousness though, wtf is the spin in TFS. It reads as if it was a national security issue, whereas TFS holds that it's about names, photos and home addresses. Not activity.
Fuck you Slashdot editors. You're worthless.
