Negligence and poor security to blame in Sweden IBM Data Leak
Think your digital information is safe in the hands of your government? Yeah, so did Sweden, until the big Sweden IBM data breach happened. So how did one of the world’s biggest technology companies and the ruling government of an entire country manage such a massive mishap?
Well, it all began back in July, when news of the Sweden IBM data breach leaked via Swedish newspaper Dagens Nyheter. But to really get a sense for how long this digital storm has been brewing, let’s step back to 2015, when Sweden’s Transport Agency outsourced its IT operations to IBM. The contract was worth nearly $100 million, and IBM was therin tasked with managing all of Sweden’s vehicle registrations and driver’s license databases.
Crap really began to hit the fan once the Transport Agency was handed over to IBM under the former director general, Maria Agren, though. Because that’s when the Transport Agency started to receive, and ignore, warnings from the Swedish Security Service. The agency has since come under scrutiny for evading rules in order to outsource the contract from the beginning, which utilized the use of outside vendors based in Romania and the Czech Republic. Hindsight is always is 20/20.
Proper safeguards and security measures were also never implemented at the beginning of the outsourcing agreement and, as a result, personnel at IBM subsidiaries in Eastern Europe suddenly had access to super sensitive information. The Sweden IBM data leak includes details about bridges, roads, ports, the subway system in Stockholm, and other infrastructure. Data about defense plans and details of witness protection schemes were exposed, too.
But wait, the fun doesn’t stop there. The identities of people working undercover for the Swedish police and the Swedish security service (known as Sapo), may have also been compromised. And the names of people working undercover for the special intelligence unit of the Swedish armed forces could be piss out of luck, as well.
So how did it all go wrong, so fast? All of Sweden’s data was uploaded to Cloud servers made available to people outside of Sweden who didn’t have security clearance to access said info. According to the results of a preliminary investigation that began all the way back in 2016,
At least three unauthorized people in the Czech Republic had full access to the databases, meaning that they could copy the information and erase their electronic footprints.
The current 411 on the major Sweden IBM data leak thus far is this: Agren was fired as head of the Transport Agency and fined $8,500. The agency’s chairman got the boot, too. Sweden’s armed forces have taken the necessary precautions to protect themselves against their own government. And Swedish Prime Minister, Stefan Lofven, is doing some major damage control. Lofven was recently quoted as saying that the Swedish government is dedicated to making its citizens feel safe knowing that their personal information and other sensitive information will be handled correctly.
It’s unclear whether or not Lofven has ever heard of the phrase “too little, too late,” but considering the lead project manager on the initial outsourcing agreement admitted during questioning that he had no knowledge whatsoever of how to ensure security, I wouldn’t put too much stock in Lofven’s words if I was them. But that’s just me. And like other media sources have already pointed out, it should be made clear that no one is pointing any fingers at IBM Sweden.
For zbrella Technology Consulting, I’m Christopher Clark, and here’s to learning from some of the biggest eff-ups in international history, goodnight and good luck.