
Summary

  • A misconfigured Elasticsearch server leaked over 100 million records tied to Swedish individuals and organizations.
  • The exposed data included personal identity numbers, tax records, address history, civil status, debt and bankruptcy information, and behavioral event logs from 2019 to 2024.
  • Analysis suggests the data originated from Nordic analytics firm Risika, but appears to stem from poor configuration by a downstream partner, not Risika itself.
  • The breach underscores the need to strengthen digital supply chain security, conduct regular audits of partners, and deploy runtime data protection tools that can detect exposure in real time.

A misconfigured cloud database has exposed hundreds of millions of sensitive business records linked to individuals and organizations in Sweden, in what experts are calling a serious lapse in data security.

The exposed server, which used the open-source search and analytics engine Elasticsearch, was discovered by cybersecurity researchers who found it accessible without any authentication. In other words, anyone with the right web address could view the trove of data.

Here’s what we know so far. 

Who owns the server and what was included? 

Analysis of the database’s structure and naming conventions indicates the data originated from Risika, a well-known Nordic analytics firm specialising in business intelligence. Internal tags such as “dwh*” (data warehouse) and product-specific index names align closely with Risika’s systems. 

However, further investigation suggests the server itself was not operated by Risika, but by an unidentified third party—likely a downstream client or partner who had legitimate access to the data under a commercial licence, but failed to secure the infrastructure properly.

The exposed dataset, spread across 25 indices and exceeding 200GB in some cases, contained a wide range of personally identifiable and organizational information. This included Swedish personal identity numbers, legal name histories, address records (domestic and international), civil status, tax data, debt and bankruptcy history, and event logs tracking activity over several years.

The precision and scope of the information make the breach particularly concerning. While such data is valuable for financial institutions and compliance teams conducting risk assessments, it also presents serious risks if exploited by malicious actors, who could use it for targeted identity theft and phishing campaigns. 

Lessons learned

The good news, if there is any in a breach of this scale, is that the exposed records appear to have been discovered by security researchers, not threat actors. That said, there's no guarantee the data wasn't accessed or exploited before the discovery was made.

What this incident highlights, above all, is the growing risk posed by misconfigurations—not within an organization’s own infrastructure, but within its digital supply chain. 

In this case, a downstream partner appears to have mishandled access to highly sensitive data, underscoring the fact that even when data is shared legitimately, its security is only as strong as the weakest link in the supply chain.

With that in mind, here are the key lessons for organizations: 

  • Strengthen digital supply chain security: Don’t assume third parties will uphold the same security standards you apply internally. Require vendors and partners to adhere to clear, enforceable security protocols—especially when handling sensitive or regulated data. Supply chain risk should be treated as a first-order priority in your data governance strategy.
  • Conduct regular audits of partners and third-party infrastructure: It’s not enough to evaluate a partner’s security posture at the start of a contract. Ongoing reviews, configuration audits, and access assessments are essential to catch misconfigurations or lapses before they lead to exposure. Build these checks into your risk management and procurement cycles.
  • Deploy cloud runtime data security tools: Static controls like firewalls and access policies are no longer sufficient. Runtime monitoring tools can detect unusual activity, misconfigurations, and unauthorized access the moment they happen—providing critical visibility into where your data lives, how it’s being accessed, and when something goes wrong.

Polymer is a human-centric data loss prevention (DLP) platform that holistically reduces the risk of data exposure in your SaaS apps and AI tools. In addition to automatically detecting and remediating violations, Polymer coaches your employees to become better data stewards. Try Polymer for free.
