Exposing sensitive information on millions of citizens is not something any government would want to deal with. This happened recently in Sweden when millions of residents saw their sensitive information exposed due to human error. The person responsible has been identified successfully and she was fined US$8,500 for her unprofessional behavior. That punishment is very mild.
Trouble arose for the Swedish government back in September of 2015 when the Swedish Transport Agency outsourced database and IT services management to companies in different countries. This also meant the entire database of information would be uploaded to the cloud, allowing some employees to be given complete access to all of this information. Sweden, as it turns out, fired all IT staffers tasked with keeping this information safe prior to outsourcing the job.
The migration of this database to the cloud seemingly went off without a hitch. However, in March of 2016, an issue was discovered by the Swedish Secret Service: unauthorized foreigners were in control of national IT systems and information. This had been made possible thanks to the Swedish Transport Agency’s bypassing the required security checks in order to speed up the migration to the cloud. This had exposed large amounts of sensitive information to people who should not have had access to it in the first place.
The scope of the exposed data included information pertaining to drivers licenses, witness relocation, fighter pilots, military units, and much more. Allowing foreigners to manage all of that critical information is one thing. When those countries are known for anti-EU and pro-Russian agendas, things only get worse. It also appears that outsourcing this database to IBM allowed contractors in nearly a dozen other countries to access this information. It was one of the worst oversights by the Swedish government to date.
The person responsible for this disastrous decision was Swedish Transport Agency director Maria Agren. She resigned from her job in 2016 but was later charged by authorities. A local court found her guilty of negligence, but she got away with a small slap on the wrist. A fine of US$8,500 — half of her monthly salary — was the verdict. That decision was not well received by the Swedish population. If it were any regular staffer, he or she would probably have faced life in prison for this gross negligence.
Even though the issue has been identified, resolving this data leak will be a very different challenge. The Swedish government is now looking into how extensive the breach was and who exactly had access to this data. There is no plan in place to revoke database access from these foreign companies, which is another dubious decision. This is not the last we will have heard of this Swedish government chaos, since the real problem has not been addressed.
Source: The Merkle
Hi! I am a robot. I just upvoted you! I found similar content that readers might be interested in:
https://themerkle.com/woman-responsible-for-swedens-biggest-data-leak-gets-a-minuscule-fine/