Swedish transport agency breach exposes millions, from spies to confidential informants

The Swedish Transportstyrelsen (Transport Agency) botched its outsourcing to IBM, uploading its records to IBM's cloud and then emailing cleartext copies to marketing managers, unvetted IBM employees in the Czech Republic and others.


The database contains the names, photos and home addresses of all drivers/car owners in Sweden, and exposes the home addresses of the country's spies, people in witness relocation programs, people on police registries, and "type, model, weight, and any defects in all government and military vehicles, including their operator."

One agency employee, former director general Maria Ågren, was fired and fined, seemingly in connection with the breach.

The breach occurred in 2015, was detected in 2016, and has only just come to the public sphere.

The database is still hosted in IBM's cloud, and the earliest it could be locked down is this autumn.


According to Falkvinge, the leak exposed:


The weight capacity of all roads as well as bridges (which is crucial for warfare, and gives a lot idea about what roads are intended to be used as wartime airfields).

Names, photos, and home addresses of fighter pilots in the Air Force.


Names, photos, and home addresses of everybody in a police register, which are believed to be classified.


Names, photos, and residential addresses of all operators in the military's most secret units that are equivalent to the SAS or SEAL teams.

Names, photos, and addresses of everybody in a witness relocation program, who has been given protected identity for some reasons.


Type, model, weight, and any defects in all government and military vehicles, including their operator, which reveals a much about the structure of military support units.


Swedish authority handed over 'keys to the Kingdom' in IT security slip-up
[The Local]

Sweden Accidentally Leaks Personal Details of Nearly All Citizens [Swati Khandelwal/The Hacker News]