At the end of May, one of Strängnäs municipality's IT technicians discovered a security defect in the municipality's new system for electronic financial aid applications.
Approximately 500 applications for support payments were unprotected on a server and could be made available to unauthorized persons.
The municipality writes in its lex Sarah notification to Ivo that it is about names, social security numbers and other sensitive information.
- We see it as very serious that it has left data unprotected in this way in the system. That's why we took action right when we discovered it, says Social Manager Agneta von Schoting.Still not entirely sure
According to the municipality, it has only been possible to access the information if someone has known the link for each specific application.
After the security breach was discovered, the municipality has moved the applications to another server. The supplier has since installed a temporary solution that deletes the data in the system once a day.
But the municipality believes that the system is still not sufficiently secure and is therefore considering switching suppliers.