Swedish Transport Authority Data Breach (2015)

Swedish authorities are battling to contain a major privacy breach that has seen sensitive information on its citizens and the country's military leaked to companies and individuals outside the Nordic nation. In 2015 the Swedish Transport Authority hired IBM to move the country's drivers licence register to the cloud. IBM in turn used subcontractors in the Czech Republic and Romania. These contractors were given access to the full dataset from the Transport Authority, which included information like photographs and home addresses on Swedish Air Force and special forces personnel. The overseas contractors did not have security clearance to view such sensitive information, which also included road and bridge weight capacities and whether a vehicle is armoured, Sweden's national TV broadcaster SvT reported. People in witness protection programs were also included in the drivers licence data. Rather than making available a redacted version of the database, the Swedish Transport Authority instead sent out clear text emails to the companies asking them to manually delete the sensitive information they held.