A software error on its tax portal government of Denmark exposed them ID numbers of 1,26 million Danish citizens. This figure accounts for one fifth of the country's total population.
According to local media, the error was discovered at the end of January, but has been around for five years (between 2 February 2015 and 24 January 2020).
But how did he expose the citizens' identity numbers?
Each time a user updated their information account in the section of the portal settings, his ID number was placed in the URL.
According to UFST, companies were able to collect the identities of 1,2 million taxpayers.
These numbers are very important in Denmark. They are used for opening bank accounts, acquiring telephone numbers and many other essential activities.
Also, reveal more data about the owner. For example, they consist of ten digits, of which the first six are n date of birth of the citizen. They also show the sex of the owner (if the last digit is a single number, the owner is a man, and if it is even, then the owner is a woman).
However, the UFST service it reassured the citizens to a certain extent, saying how only the two Companies may have collected ID numbers. Nobody else. Therefore, there is no immediate risk of using numbers for one scam.
On the other hand, several security experts in the country have called for a wider scrutiny of the source code of the tax service portal, fearing there may be other errors.
Η DXC (formerly CSC), the software company that created the portal, said that correct the error immediately after its disclosure by the authorities.
Denmark is the third Scandinavian country facing a security issue at one of the government agencies services of. In 2015, sensitive data from the Swedish Transport Agency (STA) were uploaded to in cloud and some Serb IT professionals managed to gain access. In 2018, hackers they stole medical records that belonged to about half of Norway's population.