In September 2015, the Swedish Transport Agency outsourced the handling of IT services, including the management of its database, to IBM in the Czech Republic and NCR (formerly AT&T) in Serbia.
The leak was brought to the attention of the media by Rick Falkvinge, the founder of the first Pirate Party and the head of privacy at Private Internet Access.
He said IBM was contracted to run — and this was done from Serbia — Sweden's secure intranet, the SGSI, or the Secure Government Swedish Intranet. This network is connected to the European Union’s STESTA, which is a European Union secure network. The Swedish Transport Agency gave staff in Serbia administrative network access to this network.
In January this year, there was an inkling that something was wrong after the director-general of transport, Maria Ågren, was fired.
But it was only on 6 July that the reason for her being sacked came to light. Ågren had signed the contract for off-shoring the handling all the data bypassing the guidelines that the agency had in place for such contracts.
Falkvinge said in a post: "It goes to show, again, that governments can’t even keep their most secret data under wraps — so any governmental assurances to keep your data safe have as much value as a truckload of dead rats in a tampon factory."
Among the information that had leaked, as enumerated by Falkvinge, was:
- the weight capacity of all roads and bridges (which is crucial for warfare, and says a lot about what roads are intended to be used as wartime airfields);
- names, photos, and home addresses of fighter pilots in the Air Force;
- names, photos, and home addresses of everybody and anybody in a police register, all of which are classified;
- names, photos, and home addresses of all operators in the military’s most secret units – equivalent to the SAS or SEAL teams;
- names, photos, and home addresses of everybody in a witness relocation program or who has been given protected identity for other reasons; and
- type, model, weight, and any defects of any and all government and military vehicles, including their operator, which says a ton about the structure of military support units.
Falkvinge says the data is still available for anyone to see and that plugging the leaks will take more time.