Sensitive information about millions of Swedish residents was made public by the government.
The whole Swedish Transport Agency (STA) database was placed onto cloud servers owned by these two businesses, which provide IT services to businesses like IBM in the Czech Republic and NCR in Serbia. As Sweden sacked its IT professionals, certain employees gained full access to the database.
The stolen information, according to various Swedish publications, included:
- Information from every Swedish driver's licence;
- Personal information from everyone in Sweden's witness relocation programme;
- Information from every Swedish driver's licence;
- Personal information from everyone in Sweden's witness relocation programme;
- Personal information from Sweden's elite military units;
- Personal information from all Swedish pilots and air controllers;
- Personal information from every Swedish citizen in a police register;
- Information from every Swedish government and military vehicle;
- Information on Sweden's road and transportation system
Only half of the official's monthly income, or 70,000 Swedish krona, or about $8,500, was punished for her role in the entire debacle.
TPRM report: https://scoringcyber.rankiteo.com/company/transportstyrelsen-swedish-transport-agency-
"id": "swe179241022",
"linkid": "transportstyrelsen-swedish-transport-agency-",
"type": "Breach",
"date": "07/2017",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'industry': 'Transportation',
'location': 'Sweden',
'name': 'Swedish Transport Agency (STA)',
'type': 'Government Agency'}],
'attack_vector': 'Insider Threat',
'data_breach': {'sensitivity_of_data': 'High',
'type_of_data_compromised': ["Driver's licence information",
'Witness relocation programme '
'information',
'Elite military units '
'information',
'Pilots and air controllers '
'information',
'Police register information',
'Government and military vehicle '
'information',
'Road and transportation system '
'information']},
'description': 'Sensitive information about millions of Swedish residents was '
'made public by the government.',
'impact': {'data_compromised': ["Information from every Swedish driver's "
'licence',
'Personal information from everyone in '
"Sweden's witness relocation programme",
"Personal information from Sweden's elite "
'military units',
'Personal information from all Swedish pilots '
'and air controllers',
'Personal information from every Swedish '
'citizen in a police register',
'Information from every Swedish government '
'and military vehicle',
"Information on Sweden's road and "
'transportation system'],
'systems_affected': 'Cloud servers owned by IT service providers'},
'threat_actor': 'Insiders with full access to the database',
'title': 'Swedish Transport Agency Data Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'Unauthorized access to cloud servers'}