Sweden leaked every car owners' details last year, then tried to hush it up

Reassuring

Reassuring to know this isn't just the UK Government outsource experience :)

"The leak seems to have happened over email after the transport agency e-mailed the entire database in clear text messages to marketers that subscribe to it – and when the error was discovered, the agency merely sent a new list and told subscribers to delete the old list themselves."

#headshake #rolleyes

The country in one DB

Having the entire countries data in one database, that is small enough to send in one Email, really?

So a <15MB file. Maybe they could bring back privacy by bumping everyone's street address by 2 digits, or change the name of all 30 streets.

'Cloud'

As others have mentioned, 'Cloud' is simply a marketing term - the fabric of still is made up of servers residing within datacentres with fibre connecting them.

Considering the sensitive nature of the data contained in the mentioned database, has IBM even got a datacentre in Sweden, or were the Swedes happy for it to reside in Norway?

Another data leak.

It will never stop.

Most probably an intern going like :

"Here's your [censored™] database in cleartext since we can't be arsed to figure out how this encryption doohicky works.

Hakuna Matata. Nobody'll intercept it anyway. And if they do, they'll read the bit at the end of the email which will ask them nicely to delete it if it is not intended for them."

We need an Alfred E Neumann icon.

And even the small organisation I work for

is now doing disk encryption and 2FA. Although I'm sure I mentioned it three years ago.

How is that even possible that data was not properly encrypted at rest and classified at common government levels ?

I mean, even INSIDE the travel Agency there should be different clearances for data ... so it doesn't make any sense here.

What really happened - leakage to/by IBM or just admins had access doing nothing wrong?

As far as I know, IT service providers like IBM are bound by confidentiality agreements and their employess are bound, too.

If there's any leakage by IBM, is it somehow proven and documented?

I think the biggest mistake was on Swedish customer side (in design of the database missing encryption of sensitive data fields - content not needed to be seen by DB admins + in low contractual requirements on confidentiality/certification of security standards on provider side etc.)

When the scandal hits political floor and journalists are digging in it, facts are becoming less and less important.

In Czech newspapers one could read, that Swedish government crisis because of Czech employees of IBM ... it could have been Belarus, Bangalore, ... any other IT service provision site in the world whom could have the customer contracted.

Anything Sweden can do Norway can do better..like the Indian sub-contractor for a major Norwegian provider having access to the country's emergency services net for 14 months.

Slowly but surely governments and key businesses are realising the error of their offshore outsourcing ways.