- A database with complete behavior and financial profiles of people and businesses was left unsecured online
- Researchers claim that it belongs to a Danish Fintech firm
- The firm refused to do anything with the collection
A huge database, which had millions of highly sensitive information on Swedish citizens, was sitting on the open internet, which was available for anyone, who knew where to see.
Cybernews Researchers recently exposed an incorrectly elasticure server, which they described as “Goldmine of Business Intelligence Data”, including crores of high wide records related to Swedish individuals and organizations.
It was attributed to a business intelligence specialist, but the company refused to do anything with the collection.
Who is the owner of the data?
Overall, data created a wide financial and practical profile of both citizens and organizations in Sweden.
Overall, it had more than 100 million data records, which originated between 2019 and 2024, and spread to 25 indices.
It includes people’s names (including the history of previous names), Swedish personal identity number, date of birth, gender, address history (both locally and abroad), civic status, information about deceased persons, foreign addresses (for migrants), loan records, payment comments, bankruptcy history, property ownership indicators, income tax, activity and phenomenon log, financial data, and behavioral data.
CybernewsResearchers attributed the resika to the server, which is a Danish Fintech Company, providing real -time credit assessment, risk monitoring and financial risk intelligence information for businesses.
They claim the use of internal “DWH*” tags, and product-oriented index names “corresponds to the conferences of the known residence products”.
However, the researchers also claim that the database was operated by a downstream third-party, after the resika “data was legalized legally under a commercial license”, “to be wrong and to be exposed”.
Researchers approached the resika, and the database was closed the next day.
Meanwhile, the company replied, saying that it had nothing to do with the archives:
The company spokesperson told researchers, “Our preliminary investigation indicates that the reports reported in the reports that we do not have, have access through the store or operation of our business. This shows that our systems are not the source of this particular data violation.”
