What happened in the Swedish citizens data leak?

An unsecured database exposed on the internet was leaking financial and personal records of Swedish citizens and organizations. Cybernews researchers discovered an unsecured Elasticsearch server accessible to anyone with internet access, containing 100 million records spanning five years of personal, financial, and behavioral intelligence.

What types of personal and financial information were exposed?

The exposed data includes full legal names including historical name changes, Swedish personal identity numbers (equivalent to Social Security numbers), dates of birth and gender information, complete address histories both domestic and international, civil status information and records of deceased individuals, foreign addresses for Swedish emigrants, comprehensive debt records and payment histories, bankruptcy information and property ownership indicators, income tax data spanning multiple years (2019-2023), activity and event logs including income statement submissions, migration status updates and address change records, and detailed financial and behavioral profiles.

How many Swedish citizens could potentially be affected?

Since Sweden's total population is approximately 10.5 million people and the dataset contains 100 million records, it likely contains multiple records per individual. While it's not clear exactly how many individuals are exposed, even if it's just 10% of the population, it would still affect approximately one million Swedish citizens.

What is Risika and what was their response to the data exposure?

Risika is a Nordic business intelligence firm that was initially suspected of owning the database based on database structure and naming conventions. However, Risika issued a statement denying responsibility, with their spokesperson stating that their preliminary investigation indicates the data contains information they do not own, store, or have access to through their business operations.

Why was Risika contacted if they deny owning the database?

Initial analysis by cybersecurity researchers suggested Risika might be the owner of the database based on database structure and naming conventions. Although Risika denies ownership, the fact that the database was closed after notification to them suggests Risika knows who the actual owner is and communicated the issue further.

What types of financial records were included in the exposure?

The financial records included comprehensive debt records and payment histories, bankruptcy information and property ownership indicators, income tax data spanning multiple years from 2019-2023, and detailed financial and behavioral profiles. This represents an extensive view of Swedish citizens' financial situations over several years.

What makes Swedish personal identity numbers particularly sensitive?

Swedish personal identity numbers are equivalent to Social Security numbers in other countries and serve as unique identifiers for individuals in Sweden's government and financial systems. The exposure of these numbers, combined with comprehensive personal and financial data, creates significant risks for identity theft, financial fraud, and privacy violations for affected Swedish citizens.

What should Swedish citizens do to protect themselves after this data exposure?

Swedish citizens should monitor their financial accounts and credit reports for suspicious activity, be vigilant for potential identity theft attempts, consider freezing their credit if available, be cautious of phishing attempts that might use their exposed personal information, and stay informed about any official guidance from Swedish authorities regarding this data breach. They should also be particularly careful about sharing personal information and verify the legitimacy of any requests for financial or personal data.

Incident

Unsecured database exposes 100 million records of Swedish citizens

Q: Who discovered the data leak and when was it addressed?

The leak was discovered by Cybernews researchers who found the unsecured Elasticsearch server. Cybernews sent a disclosure notice to Risika, a Nordic business intelligence firm, and the exposed server was taken offline the following day on May 11, 2025.

published: July 24, 2025

Learn More

An unsecured database exposed on the internet is leaking financial and personal records of Swedish citizens and organizations.

The leak was discovered by Cybernews researchers, who found an unsecured Elasticsearch server accessible to anyone with internet access. The database contained 100 million records spanning five years of personal, financial, and behavioral intelligence.

Exposed data includes:

Full legal names, including historical name changes
Swedish personal identity numbers (equivalent to Social Security numbers)
Dates of birth and gender information
Complete address histories, both domestic and international
Civil status information and records of deceased individuals
Foreign addresses for Swedish emigrants
Comprehensive debt records and payment histories
Bankruptcy information and property ownership indicators
Income tax data spanning multiple years (2019-2023)
Activity and event logs including income statement submissions
Migration status updates and address change records
Detailed financial and behavioral profiles

The exposed database contained over 100 million records affecting Swedish citizens and organizations, with data spanning from 2019 to 2024. The information was organized across 25 separate database indices, with some individual datasets exceeding 200GB in size. Since Sweden's total population is approximately 10.5 million people, the dataset likely contains multiple records per individual. It's not clear how many individuals are exposed, but even if it's just 10% of tje population it's still a million.

Cybernews sent a disclosure notice to Risika, a Nordic business intelligence firm that initial analysis suggested might be the owner of the database - based on database structure and naming conventions. The exposed server was taken offline the following day, May 11, 2025.

Risika issued a statement denying responsibility for the data exposure. The company's spokesperson stated: "Our preliminary investigation indicates that the data referenced in the reported leak contains information that we do not own, store, or have access to through our business operations.

Since the database was closed after a notification to Risika, even if it's not owned by that company it's clear that Risika knows who is the owner of the database and communicated the issue further.

Unsecured database exposes 100 million records of Swedish citizens

Read More
Hertz corporation confirms data breach affecting customers of …
Collectibles.com data leak exposes information of nearly 900,000 …
Seasons Living data breach exposes residents and staff …
PornHub Premium members data exposed after Mixpanel analytics …
Victorian landscaping firm Super Gardens data leaked by …