Denmark Govt Tax Portal Data Exposed Records Of 1.26 Million Citizens

The Danish Government now makes it into the news for a cybersecurity incident. Reportedly, the Denmark govt tax portal suffered a glitch that exposed citizens’ data online.

Danish Govt Tax Portal Exposed Data

The Danish Agency for Development and Simplification (Udviklings-og Forenklingsstyrelsen, or UFST) disclosed that the Denmark govt tax portal erroneously exposed citizen’s data.

As revealed, the glitch appeared in the old software of TastSelv Borger which resultantly leaked citizen’s CPR numbers. This accidental exposure happened when the numbers appeared as part of the web address.

The accidental sending of CPR numbers is due to a software error which has caused CPR numbers to become part of a web address sent to Google and Adobe respectively.

According to DXC Technology, the exposed data included records for about 1.26 million citizens’ CPR numbers over a five-year period. Specifically, the data ranged from February 2, 2015, to January 24, 2020. Whereas in another instance, the portal exposed 1330 citizen’s CPR numbers over a three-day period, that is, January 29, 2020, to February 1, 2020.

However, DXC confirmed that the exposed data did not include any other details, such as tax matters, payroll, or other similar information.

Investigations Underway

While UFST confirmed that the glitch occurred in the older software, they further assure no abuse of the exposed data. According to Director UFST, Andreas Berggreen (translated),

This is an older software bug that has been fixed today. It is important to note that in both cases there is no risk that the information sent encrypted has been misused. In one case, the information has been deleted as an integral part of the recipient process. Meaning it is neither logged in nor stored with Google. That one’s information can be misused.

Nonetheless, they are also ensuring necessary investigations of the matter. Besides, they also asked the Chamber of Commerce to evaluate the “basis for claim” against DXC over this security breach.

Let us know your thoughts in the comments.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients