- A database containing full behavioral and financial profiles of people and businesses was left unsecured online
- Researchers attribute it to a Danish fintech company
- The company denies having anything to do with the archives
A huge database containing millions of highly sensitive records on Swedish citizens was sitting open on the internet, available to anyone who knew where to look.
Cybernews researchers recently discovered a misconfigured Elasticsearch server that they described as a “gold mine of commercial data”, containing hundreds of millions of highly detailed records belonging to Swedish individuals and organizations.
It was attributed to a business intelligence specialist, but the company denied having anything to do with the archives.
Who does the data belong to?
Taken together, the data formed a detailed financial and behavioral profile of citizens and organizations in Sweden.
Overall, it contained more than 100 million data records, generated between 2019 and 2024 and spread over 25 indices.
The records included people's names (including the history of previous names), Swedish personal identity numbers, birth dates, sex, address history (both locally and abroad), civil status, information on deceased individuals, foreign addresses (for emigrants), debt files, payment remarks, bankruptcy, property, income tax, business newspapers, financial data and behavioral data.
Cybernews researchers attributed the server to Risika, a Danish fintech company offering real-time credit assessment and risk monitoring, including financial risk, for companies.
They cite the use of internal “DWH *” tags and product-oriented index names “corresponding to the conventions of known Risika products”.
However, the researchers also say that the database was probably used by a downstream third party after Risika had “legitimately supplied” the data under commercial license, only “to be poorly configured and left exposed”.
The researchers contacted Risika and the database was locked the next day.
In the meantime, the company replied, declaring that it had nothing to do with the archives:
“Our preliminary survey indicates that the data referenced in the indicated leak contain information that we do not have, do not store or do not have access to through our commercial operations.