150,000 Danish Social Security Numbers and Protected Addresses Leaked
On January 27th, Erhvervsstyrelsen (Danish Business Authority) reported a data leak of 150.000 Danish social security numbers and protected addresses. The Danish Business Authority has by mistake leaked via their website cvr.dk and their API that companies have free access to. The information was public between the 27th January and 29th of January. All companies that have pulled information from the API have gained access to all the information in this breach- making it more than just an internal issue for Erhvervsstyrelsen but rather a full-blown national security risk for Denmark as well as any company or individual with these records stored on them.
Erhvervsstyrelsen decided to closed down their entire website for multiple days to fix the error. The Danish Data Protection Agency is investigating this issue as a matter of urgency and has demanded Erhvervsstyrelsen to provide information about who was affected by the leak, how long it lasted for and what measures they are going to take in order to protect citizens’ data from future breaches.
The most disturbing part of this story is that it wasn’t noticed until January 29th when an unknown person contacted them with some concerns about their data. Erhversstyrelsen quickly shut down their website and API for several days before opening back up to the public. It took them a month longer to release a press release about the leak. Read the full press release at the bottom of this news article.
This just proves once again how important cybersecurity should be taken seriously not only at home but also in business environments where sensitive information can be leaked easily if you’re not careful enough.
At first, Erhvervsstyrelsen would not say how many were affected by the leak, but it was later discovered by danish news site finans.dk that 150.000 private information was public for more than 48 hours. Erhvervsstyrelsen refused that they have been hacked and states that it is a human error.
Erhvervsstyrelsen has reported the case to Datatilsynet (Danish Data Protection) and it is currently under investigation.
Official Press Release: https://erhvervsstyrelsen.dk/offentlig-underretning-om-brud-paa-persondatasikkerheden
This news article is currently being updated…