A decision in 2015 to outsource sensitive national data by the former head of Sweden”s Transport Agency, Maria Ã…gren, is emerging as a blunder of massive proportions, for which Ã…gren was only fined half a month”s salary.
Säpo, Sweden’s security police, reportedly began investigating the agency (Transportstyrelsen) after learning that a list of all vehicles in the country – along with owner information – was accidentally leaked in plain text to IT workers at a cloud location in Eastern Europe as part of an outsourcing effort with IBM.
The IT staff, who operated an IBM data center in Serbia, lacked security clearance to handle the data, which included police and military vehicle information, complete with the full names and addresses of their owners. Even witness protection program data was leaked.
The leak, per privateinternetaccess.com, included:
As the scandal unfolded, Ã…gren was fired, for undisclosed reasons, in January, and was fined 70,000 kronor, or half a month”s salary. Later, she was found guilty of being “careless with secret information.”
Describing the outsourcing without proper security checks, one Transport Agency staff member likened the move to handing over “the keys to the Kingdom,” according to an interview with Säpo.
Ã…gren, to her defense, reportedly said she had no other way but to bypass standard security measures if she was to complete the outsourcing effort as the Transport Agency was letting staff go in 2015.
The Säpo report makes no indication as to whether Sweden”s national security was compromised due to the leak.
tags
Filip has 15 years of experience in technology journalism. In recent years, he has turned his focus to cybersecurity in his role as Information Security Analyst at Bitdefender.
View all postsNovember 14, 2024
September 06, 2024