A massive Swedish data leak has exposed over 100 million highly detailed records on individuals and organizations, revealing a five-year snapshot of personal and financial activity. The leak stems from an unsecured Elasticsearch server that didn’t require a password and was freely accessible online.
Discovered by Cybernews researchers, the leak includes information spanning from 2019 to 2024, stored across 25 indices—some exceeding 200GB in size. The exposed records provide an unprecedented level of detail about Swedish citizens and businesses.
What Was Leaked?
The leaked database includes:
- Full names and previous name history
- Swedish personal identity numbers
- Date of birth and gender
- Domestic and foreign address history
- Civil status and records of deceased individuals
- Income tax data (2019–2023)
- Debt records, bankruptcy history, and property indicators
- Logs of activity: address changes, income statements, migration data
This data effectively creates five-year behavioral and financial profiles of individuals and companies alike.
Risks of the Leak
The leaked data could be exploited for:
- Phishing and social engineering attacks
- Corporate espionage or surveillance
- Targeted extortion campaigns
- Credit fraud and identity theft
Lenders, banks, or compliance teams could use this data for unauthorized risk profiling, while threat actors could weaponize it with minimal effort.
Link to Risika Business Intelligence
Analysis of the exposed server points to Risika, a leading Nordic business intelligence provider. The server contained internal naming conventions consistent with Risika’s data warehouse infrastructure.
However, the leak may not be Risika’s direct fault. The Elasticsearch cluster likely belonged to a third-party client, possibly operating under a commercial license. Poor security practices on the client’s end resulted in the exposure.
Disclosure Timeline
- May 9, 2025: Researchers discovered the leak
- May 10: Responsible disclosure sent to Risika
- May 11: Exposed server was taken offline
- Risika has not publicly responded as of the time of writing.
Conclusion
The Swedish data leak may become one of the most far-reaching intelligence exposures in recent Nordic history. With years of financial, behavioral, and identity data revealed, the risks to both individuals and institutions are enormous. Regulators or criminals may act on the leak, depending on how authorities respond.
0 responses to “Massive Data Leak Exposes Years of Swedish Citizens’ Private Lives”