Massive data leak maps out years of Swedish citizens’ private lives


An unsecured server has exposed hundreds of millions of detailed records on Swedish citizens and companies, offering a data goldmine for anyone who stumbles on it.

A misconfigured Elasticsearch server has exposed a goldmine of business intelligence data with hundreds of millions of highly detailed records tied to Swedish individuals and organizations.

Cybernews researchers identified the unsecured database, which did not require any authentication and was fully accessible to the public internet.

The leaked data consisted of over 100 million records dated from 2019 to 2024, spread across 25 separate indices, with some datasets ballooning to more than 200GB in size.

What was leaked?

Many leaked records contained highly sensitive personal and organizational information, including:

  • Full legal names, including history of previous names
  • Swedish personal identity numbers
  • Date of birth and gender
  • Address history, both in Sweden and abroad
  • Civil status and information about deceased individuals
  • Foreign addresses for emigrants
  • Debt records, payment remarks, bankruptcy history, property ownership indicators
  • Income tax data spanning several years (2019–2023)
  • Activity and event logs (including income statement submissions, migration status, and address updates)

Many years of financial and behavioral data exposed

These records effectively mapped out a five-year financial and behavioral profile of Swedish citizens and organizations.

The leaked data offered a detailed, time-stamped snapshot of how both individuals and organizations function, tracking everything from address changes and income shifts to debt, tax filings, and business ties.

The sheer volume and precision of the information make the dataset extremely valuable and dangerous. Banks, lenders, and compliance teams could use it for risk assessments and credit analysis.

However, for threat actors, such data opens the door to various types of exploitation. Attackers could weaponize this intelligence for everything from corporate surveillance and competitor profiling to highly targeted phishing campaigns, social engineering, or extortion.

Where did the leaked data originate from?

Initial analysis of the database’s structure and field names led researchers to believe that the exposed data originated from Risika, a leading Nordic data analytics firm specializing in business intelligence. The use of internal “dwh*” (data warehouse) tags and product-oriented index names matched the conventions of known Risika products.

Further investigation suggests that the Elasticsearch cluster was not operated by Risika itself but by a third party. Naming conventions and metadata patterns indicate a downstream client. Cybernews researchers believe the data may have been legitimately provided to the operator under a commercial license, only to be misconfigured and left exposed.

A responsible disclosure notice was sent to Risika on May 10th, but no response had been received at the time. The cluster was taken offline the following day. After the article went live, however, Risika responded to Cybernews, saying the data does not come from them.

“Our preliminary investigation indicates that the data referenced in the reported leak contains information that we do not own, store, or have access to through our business operations. This suggests that our systems are not the source of this particular data breach,” wrote the company’s spokesperson, adding that they are monitoring the situation closely.

After an internal investigation, the company said in a statement that its corporate data may include publicly available information that appears in registered companies' financial details, but that it does not handle personal identity numbers, personal tax records, or individual financial profiles.

The company claimed to have identified the data controller responsible for the data leak, and the Swedish Data Protection Authority IMY was informed about the case. Cybernews reached out for further information, but a response is yet to be received.

Updated on July 24th [07:00 a.m. GMT] with a statement from Risika.

Updated on July 28th [1:00 p.m. GMT] with the second statement from Risika.

vilius Gintaras Radauskas Paulina Okunyte Ernestas Naprys

Disclosure Timeline

  • May 9th, 2025: Leak discovered
  • May 10th, 2025: Initial disclosure sent
  • May 11th, 2025: Leak closed