Major breach sees 100 million data records on citizens leaked - here's what we know

News
By published

Swedish citizen and organization data exposed online

An abstract image of a lock against a digital background, denoting cybersecurity.
(Image Credit: TheDigitalArtist / Pixabay) (Image credit: Pixabay)
  • A database containing entire behavioral and financial profiles of people and businesses was left unsecured online
  • Researchers claim it belongs to a Danish fintech firm
  • The firm denies having anything to do with the archive

An enormous database, containing millions of highly sensitive information on Swedish citizens, was sitting on the open internet, available for anyone who knew where to look.

Cybernews researchers recently uncovered a misconfigured Elasticsearch server which they described as a “goldmine of business intelligence data”, containing hundreds of millions of highly detailed records belonging to Swedish individuals and organizations.

It was attributed it to a business intelligence specialist, but the company denied having anything to do with the archive.

Who owns the data?

In total, the data created a detailed financial and behavioral profile of both citizens, and organizations, in Sweden.

Overall, it contained more than 100 million data records, generated between 2019 and 2024, and spread across 25 indices.

This contained people’s names (including history of previous names), Swedish personal identity numbers, dates of birth, gender, address history (both locally and abroad), civil status, information about deceased individuals, foreign addresses (for emigrants), debt records, payment remarks, bankruptcy history, property ownership indicators, income tax, activity and event logs, financial data, and behavioral data.

Cybernews’ researchers attributed the server to Risika, a Danish fintech company offering real-time credit assessment, risk monitoring, and financial risk intelligence for businesses.

They claim the use of internal “dwh*” tags, and product-oriented index names “matched the conventions of known Risika products”.

However, the researchers also claim the database was likely operated by a downstream third-party, after Risika “legitimately provided” the data under a commercial license, “only to be misconfigured and left exposed”.

The researchers reached out to Risika, and the database was locked down the following day.

In the meantime, the company replied, stating that it had nothing to do with the archives:

“Our preliminary investigation indicates that the data referenced in the reported leak contains information that we do not own, store, or have access to through our business operations. This suggests that our systems are not the source of this particular data breach,” the company’s spokesperson told the researchers.

You might also like

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.