Home Hacking News Denmark Govt Tax Portal Data Exposed Records Of 1.26 Million Citizens
Hacking NewsLatest Cyber Security News | Network Security HackingNewsVulnerabilities

Denmark Govt Tax Portal Data Exposed Records Of 1.26 Million Citizens

by Abeerah Hashim
written by Abeerah Hashim
Denmark Tax portal exposed data

The Danish Government now makes it into the news for a cybersecurity incident. Reportedly, the Denmark govt tax portal suffered a glitch that exposed citizens’ data online.

Danish Govt Tax Portal Exposed Data

The Danish Agency for Development and Simplification (Udviklings-og Forenklingsstyrelsen, or UFST) disclosed that the Denmark govt tax portal erroneously exposed citizen’s data.

As revealed, the glitch appeared in the old software of TastSelv Borger which resultantly leaked citizen’s CPR numbers. This accidental exposure happened when the numbers appeared as part of the web address.

The accidental sending of CPR numbers is due to a software error which has caused CPR numbers to become part of a web address sent to Google and Adobe respectively.

According to DXC Technology, the exposed data included records for about 1.26 million citizens’ CPR numbers over a five-year period. Specifically, the data ranged from February 2, 2015, to January 24, 2020. Whereas in another instance, the portal exposed 1330 citizen’s CPR numbers over a three-day period, that is, January 29, 2020, to February 1, 2020.

However, DXC confirmed that the exposed data did not include any other details, such as tax matters, payroll, or other similar information.

Investigations Underway

While UFST confirmed that the glitch occurred in the older software, they further assure no abuse of the exposed data. According to Director UFST, Andreas Berggreen (translated),

This is an older software bug that has been fixed today. It is important to note that in both cases there is no risk that the information sent encrypted has been misused. In one case, the information has been deleted as an integral part of the recipient process. Meaning it is neither logged in nor stored with Google. That one’s information can be misused.

Nonetheless, they are also ensuring necessary investigations of the matter. Besides, they also asked the Chamber of Commerce to evaluate the “basis for claim” against DXC over this security breach.

Let us know your thoughts in the comments.

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

You may also like

Multiple Vulnerabilities Found In Forminator WordPress Plugin

Palo Alto Networks Patched A Pan-OS Vulnerability Under...

Apple Removed Numerous Apps From China App Store

Xiid SealedTunnel: Unfazed by Yet Another Critical Firewall...

Personal Data Exposed in Massive Global Hack: Understanding...

Guardz Welcomes SentinelOne as Strategic Partner and Investor...

Invision Community Vulnerabilities Risk E-Commerce Websites

Microsoft April Patch Tuesday Fixes Dozens of RCE...

Match Systems publishes report on the consequences of...

Cypago Announces New Automation Support for AI Security...