Director who outsourced Swedish government database to the cloud, where critical data was compromised, fined just £6,500

Government database migrated to the cloud with IBM and NCR leaked witness protection details and military information to "unauthorised people"

The director at fault for Sweden's biggest-ever government data leak has been fined just half a month's pay - equivalent to 70,000 Swedish krona or £6,500 - as punishment for lax security.

In September 2015, the Swedish Transport Agency (STA) outsourced the management of its database and other essential IT services to IBM in the Czech Republic and NCR in Serbia. The idea was to shift the database into the cloud, removing the need for in-house technicians at the STA.

However, in March 2016, the Swedish Secret Service started an investigation into the outsourcing arrangement, and found that unauthorised people from the Czech Republic and Serbia were effectively in control of their IT systems because of the STA's lax attitude to security.

In one instance, the entire register of vehicles was sent to marketers who subscribed to the STA. This included some data which regarded as public information, but it also included data on people in witness protection programmes, personal details of Sweden's military units and fighter pilots, and details of government and military vehicles.

To make matters worse, the STA did not send out a new version with the sensitive data removed, but instead pointed out the sensitive data and requested recipients to remove this information themselves - highlighting the highly sensitive data that the STA had sold.

The information came to light when the director general of the STA, Maria Agren, retired from her position in January.

It was only revealed earlier this month that she had been found guilty of exposing classified information in a criminal case in Sweden.

While half a month's pay may not seem like a great deal, Rick Falkvinge, head of privacy at Private Internet Access, suggested that it was a significant amount because of the way in which senior directors in Sweden's government and public sector usually look after each other.

"Given how much the establishment has got each other's backs, this sentence was roughly equivalent to life in prison for a common person on the street, meaning they must have done something really awful to get not just a guilty verdict, but actually be fined half a month's salary," he said.

An investigation is ongoing, but Falkvinge warned that all of the data should be expected to be "permanently exposed".