The Swedish government has exposed sensitive details on millions of citizens in one of the biggest government screw-ups ever, and the official responsible for the whole fiasco was fined only half of her monthly salary, which is 70,000 Swedish krona — or around $8,500.
The leak happened in September 2015, when the Swedish Transport Agency (STA) decided to outsource the management of its database and other IT services to companies such as IBM in the Czech Republic, and NCR in Serbia.
The entire STA database was uploaded onto cloud servers belonging to these two companies, and some employees got full access to the database, as Sweden fired its IT technicians.
It was only in March 2016 that the Swedish Secret Service realized what happened, and started an investigation, warning other government agencies that unauthorized foreigners were now in control of their IT systems after the STA had bypassed necessary security checks just to expedited the transition to the new IT system as they wanted to fire local IT staff.
According to several Swedish newspapers, the leaked data included:
All of this data is now under the management of foreign nationals in two countries that have governments with an increasing anti-EU and pro-Russian agenda. Furthermore, IBM allowed contractors in eleven other countries access to the database.
"There’s an enormous amount of data in Swedish about the overall leak scandal, but among all that data, one piece bears mentioning just to highlight the generally sloppy, negligent, and indeed criminal, attitude toward sensitive information," said Rick Falkvinge, Head of Privacy at Private Internet Access and the founder of the first Pirate Party, the one who brough this local issue to the attention of international press.
Following this huge mishap, the STA's Director General Maria Ågren resigned, and authorities charged her in 2016. At the start of the month, a Swedish court found her guilty of negligence but the sentence passed down was ludicrous in the eyes of many citizens, with court docking half of her monthly salary as punishment.
"Given how much the establishment has got each other’s backs, this sentence was roughly equivalent to life in prison for a common person on the street, meaning they must have done something really awful to get not just a guilty verdict, but actually be fined half a month’s salary," Falkvinge commented on the sentence.
The Swedish government is now in crisis as defense officials are now looking into the extent of the breach and if IBM or NCR employees were granted access to the European Union’s secure STESTA intranet or the Swedish Government Secure Intranet (SGSI). The STA database remains under the management of the two foreign companies.