[BreachExchange] Every Swedish car owners' details may have leaked in explosive IT failure

Richard Forno rforno at infowarrior.org
Mon Jul 24 10:41:12 EDT 2017


(via IP)

Every Swedish car owners' details may have leaked in explosive IT failure

Driving license data has potentially been leaked due to carelessness in an outsourcing deal.

By Charlie Osborne for Zero Day | July 24, 2017 -- 07:57 GMT (00:57 PDT) | Topic: Security

The Swedish government has become embroiled in scandal after it emerged a mishandled outsourcing deal may have led to the leak of the private data of every car driver in the country.

As reported by Swedish media publication Thelocal, local law enforcement is investigating the Swedish Transport Agency (Transportstyrelsen) after an outsourcing deal with IBM went awry, leading to the exposure of information about every vehicle in the country -- including police and military transport.

While outsourcing isn't necessarily an issue, the problem, in this case, is that Eastern European IT staff given the contract had not undergone typical security clearance checks.

This story began back in 2015 when IBM received an IT maintenance contract from Transportstyrelsen.

Swedish newspaper Dagens Nyheter (DN) reports that IBM administrators were able to access all data and logs and, in an expose by VPN provider Private Internet Access head of Privacy Rik Falkvinge, it also appears that the leak could have disasterous consequences for national security.

Falkvinge says that the names, photos, and home addresses of Air Force fighter pilots, secretive military units and those in witness relocation programs were also exposed, alongside information related to military vehicles, the weight capacity of all roads and bridges, and the identity of anyone in police registers.

Former Director General of the Transport Agency Maria Ă…gren was fired in 2017, but it has only emerged now that the now-retired government official has been fined 70,000 kronor after an investigation into the potential leak found her guilty of being "careless with secret information," according to the publication.

This is not the first time the transport authority's security processes have been found lacking....

< -- >

http://www.zdnet.com/article/every-swedish-car-owners-details-may-have-leaked-in-explosive-it-failure/


More information about the BreachExchange mailing list