900,000 Danish ID numbers leaked online
The telephone banking and medical identification numbers of 900,000 Danes were publicly pasted online in a massive leak, the Danish government revealed calling the incident “simply a mistake.”
The leak took place through the Danish “Robinson List” which lists people who are immune from direct marketing, officials said Thursday. The exposure took place back on Wednesday while the personal details were available for almost an hour.
The Social Security numbers were being sent from CSC, a Danish IT company that works with the Danish government, to the State Social Security Office.
It is common practice for Denmark’s financial institutions, hospitals and other government agencies to request the number as a proof of identity, meaning the exposure left several people wide open to abuse.
The list was downloaded 18 times in the time in was made available to the public.
“We come from an analog world in which the Social Security number was super convenient. But it does not fit into a digital world that has a number that is so easy to crack,” said Council President for Digital Security, Birgitte Kofod Olsen, reported Danish business daily, Borsen.
“When you have a birthday and age, it is easy to guess the rest.”
Economic Affairs and Interior Minister Margrethe Vestager responded in a statement on Thursday.
“It's simply a mistake that should not happen ... I will consider the implications of this very thoroughly,” she said.
“We reacted immediately and notified the Central Office of Civil Registration,” Finn Gilling, who discovered the leak, told Borsen.
The EU is no stranger to massive leaks – caused by system glitches and hacking. In May, personal data of 1.3 million clients of the French telecommunications corporation Orange were stolen. The hack included mobile and land phone numbers, dates of birth and email addresses of the company's clients.