Swedish Agency Skirts Its Own Security Rules, Exposes Data of Millions

The Swedish prime minister acknowledged a massive leak that exposed personal details about millions of Swedes, including anyone with a registered vehicle and possibly some military secrets, according to reports.

The information leaked when the Swedish Transport Agency bungled outsourcing its IT services to IBM Sweden in 2015, Prime Minister Stefan Lofven said at a press conference Monday. The agency handles vehicle registration—so it houses photos, names, addresses and vehicle info—but also could have information about military and police vehicles and personnel, as well as “people with protected identities,” the Financial Times reported.

The agency, under time pressure, opted to skip its security rules and allowed secret information to be handled by IT staff in Eastern Europe who hadn’t gone through proper clearances, The Local (Sweden) reported. The agency’s former leader Maria Ågren was fired in January for undisclosed reasons but was also fined for mishandling secret information.

Though the leak happened in 2015, Lofven said he only found out about it earlier this year, while other officials found out 18 months ago.

The transportation agency has plans to make sure only security-cleared personnel will be able to access data by the fall, the BBC reported.

“What happened in the transport agency is a disaster. It is extremely serious. It has exposed both Sweden and Swedish citizens to risks,” Lofven said.