A glitch in the TastSelv Borger tax service has sent over one million Danish CPR numbers to the US companies Google and Adobe.
The Danish Agency for Development and Simplification has discovered the data leak that involved the TastSelv Borger service, which is managed by the US company DXC Technology.
The TastSelv service allows everyone with a tax liability to Denmark to view and change his tax return, annual statement and pay residual tax.
Data, including CPR numbers, have been exposed for almost five years before the data leak was discovered.
“We take this kind of case very seriously. And of course we need to be able to make sure that our suppliers handle all data according to applicable law and within the framework agreed upon with them.” states the Government Agency.
The good news is that according to the Agency, data was encrypted, it also added that Google and Adobe were not able to see the CPR numbers.
“Google Hosted Libraries have been designed to remove all information that allows identifying users before logging on. Thus, no user information is shared with Google in this process.” Google told the DR News website that first reported the news of the data leak.
Peter Kruse, cyber security expert and founder of the CSIS group, explained that Google had access to 1.2 million Danes’ CPR numbers because they were in plain text.
“The data received by Google is unencrypted. Google has been able to read data in unencrypted form, he estimates.” explained Kruse.
“Google has accessed 1.2 million Danes’ CPR numbers.“
Support the originator by clicking the read the rest link below.
