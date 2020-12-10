If you have been paying attention to recent data breaches and information theft, you will notice that there is one country that received a lot of attention: Sweden. With its small population of 10 million, it is home to some of the biggest data centers in the world. Its low energy cost and good approach towards renewable energy make the country perfect for data center operations.

There are a lot of tech companies based in Sweden too. Many of them offer web services, produce the apps we use every day and operate tech hubs that connect different parts of the world are parts of Sweden’s tech startup portfolio. Unfortunately, the concentration of tech operations in the country also means it is home to some serious information security cases.

Truecaller Data Leak

The most recent data breach affects Truecaller, a startup that collects and processes data about spam calls, and then provides users with a spam call identification and blocking service. As a Swedish company, Truecaller bases its operations in Sweden.

The breach itself affected Truecaller users in India. Over 300 million user data profiles and additional details were put on sale on the dark web following a security incident. In India, Truecaller offers premium services through which users can search for the owner of any number on the platform.

The leaked data consists of more than 29 million mobile phone numbers, complete with details about the numbers’ owners. This means each mobile phone number can be associated with the owner, which includes some of the highest-ranking government officials and politicians.

Sold as a spreadsheet, the leaked data also included email addresses, service providers, and area identification. In some cases, the data includes subscriber photos and Facebook IDs. This is a serious data breach that will continue to affect millions of people for years to come.

Swedish Transport Agency Leak

In another astounding case, the details of nearly all Swedish citizens were leaked by mistake. Data from millions of vehicle owners in Sweden, including details about IDs and other sensitive materials, was left exposed. The leak was caused by a mistake in handling sensitive information as part of a cooperation deal with IBM.

The leak didn’t just affect private citizens either. Military and police vehicle details were also leaked with the rest of the data. A simple mishandling of information put these details in the hands of marketers and other unauthorized parties.

The cases started with the Swedish Transport Agency contracting IBM for IT maintenance of its databases and networks. The entire database was uploaded by mistake and shared with marketers who subscribed to services provided by the agency. The agency asked subscribers to delete the database themselves after the mistake was discovered.

The same maintenance contract also allows IBM technicians from outside of Sweden access to the entire database and computer network. Access was granted without sufficient security and background checks, leaving the whole system vulnerable to data breaches. The scandal left millions exposed and isn’t something that can be fixed immediately.

Patient Data Left Exposed

Another serious case of data mishandling happened earlier last year. Computer Sweden analyzed more than two million recorded calls belonging to the Swedish Healthcare Guide service, which were stored in an open web server without sufficient protection.

The calls are filled with patient details as well as sensitive information about their medical condition. In some cases, calls also included details about children and their medical conditions. The Swedish healthcare system is among the best in the world, but that doesn’t mean it is immune to data mishandling and breaches.

Based on the analysis by Computer Sweden, the same set of audio files contained phone numbers, private personal details, insurance, and financial details, and more sensitive information. The entire repository contains audio recordings from calls made to the hotline between 2013 and 2018, a whopping total of 170,000 hours.

A complete lack of information security is to blame here, and the cause of that is a misjudgment. Ignorance at the highest level of the government agency allowed for the data to be stored on a public cloud server and made accessible from outside the agency.

Is Sweden Really Bad at Data Protection?

These cases are just a few of many data breaches and information leaks happening in the country or to companies based in Sweden. So, is Sweden really bad at protecting user information? The answer to this question is still a big NO.

The introduction of GDPR and new regulations governing information security is mitigating information security risks. At the same time, the Swedish government and the private sector are working hard to prevent breaches and leaks from happening.

The more important point to realize is the fact that we now live in a world where information is valuable, and information theft, data breaches, and cyberattacks are more common than ever. Relying on government agencies and big companies to protect your privacy and data security is not enough. We have to be more proactive in ensuring the safety of our data online.