BreachExchange mailing list archives
Every Swedish car owners' details may have leaked in explosive IT failure
From: Richard Forno <rforno () infowarrior org>
Date: Mon, 24 Jul 2017 10:41:12 -0400
(via IP) Every Swedish car owners' details may have leaked in explosive IT failure Driving license data has potentially been leaked due to carelessness in an outsourcing deal. By Charlie Osborne for Zero Day | July 24, 2017 -- 07:57 GMT (00:57 PDT) | Topic: Security The Swedish government has become embroiled in scandal after it emerged a mishandled outsourcing deal may have led to the leak of the private data of every car driver in the country. As reported by Swedish media publication Thelocal, local law enforcement is investigating the Swedish Transport Agency (Transportstyrelsen) after an outsourcing deal with IBM went awry, leading to the exposure of information about every vehicle in the country -- including police and military transport. While outsourcing isn't necessarily an issue, the problem, in this case, is that Eastern European IT staff given the contract had not undergone typical security clearance checks. This story began back in 2015 when IBM received an IT maintenance contract from Transportstyrelsen. Swedish newspaper Dagens Nyheter (DN) reports that IBM administrators were able to access all data and logs and, in an expose by VPN provider Private Internet Access head of Privacy Rik Falkvinge, it also appears that the leak could have disasterous consequences for national security. Falkvinge says that the names, photos, and home addresses of Air Force fighter pilots, secretive military units and those in witness relocation programs were also exposed, alongside information related to military vehicles, the weight capacity of all roads and bridges, and the identity of anyone in police registers. Former Director General of the Transport Agency Maria Ă…gren was fired in 2017, but it has only emerged now that the now-retired government official has been fined 70,000 kronor after an investigation into the potential leak found her guilty of being "careless with secret information," according to the publication. This is not the first time the transport authority's security processes have been found lacking.... < -- > http://www.zdnet.com/article/every-swedish-car-owners-details-may-have-leaked-in-explosive-it-failure/ _______________________________________________ BreachExchange mailing list sponsored by Risk Based Security BreachExchange () lists riskbasedsecurity com If you wish to Edit your membership or Unsubscribe you can do so at the following link: https://lists.riskbasedsecurity.com/listinfo/breachexchange
Current thread:
- Every Swedish car owners' details may have leaked in explosive IT failure Richard Forno (Jul 25)