Norwegian Government Portal Exposes Man’s Financial Data

16,000 people may have accessed the account of a man named Kenneth

  After the incident Altinn has been taken offline
Due to an error, all the individuals who tried to access the Norwegian tax portal Altinn at around 6:17 PM on Tuesday found themselves logged in as a 36-year-old man from Oslo named Kenneth.

Visitors would be able to see not only his financial information, but also his wife’s and the details of the company he worked for.

Due to an error, all the individuals who tried to access the Norwegian tax portal Altinn at around 6:17 PM on Tuesday found themselves logged in as a 36-year-old man from Oslo named Kenneth.

Visitors would be able to see not only his financial information, but also his wife’s and the details of the company he worked for.

According to Joakim Larsen, the tax results were published on Tuesday, March 20, at around 6 AM. Because a large number of people, around 200,000, had attempted to log in to the site in only a few hours, it crashed.

Once it was back online, all those who wanted to see their taxes were presented with Kenneth’s account. 15 minutes later the site was taken offline, but considering that 200,000 users accessed it in 3 hours, simple math demonstrates that a number of 16,666 individuals could have gained access to his account during that timeframe.

It appears that the error emerged because Kenneth logged in to his account that day and all his information got somehow stored in the server’s cache memory.

“It is unknown how long Altinn will be down, and what is being done to prevent this from happening again. Kenneth had at 8:00 PM contacted his lawyer, and refused to give any statement. Brønnøysundregisteret, the company responsible for the web portal, were assembled for a crisis meeting at 11:00 PM,” Larsen wrote.

Altinn has been going through a lot of difficulties ever since it was launched, and it seems that this wasn’t the only time it crashed. Furthermore, at the beginning of 2012, a report made by a Norvegian quality assessment and certification watchdog stated that the service was “a rushed solution.”

Brønnøysundregisteret capabilities of managing such as service were also highly questioned in the report.

Note. My Twitter account has been erroneously suspended. While this is sorted out, you can contact me via my author profile.

Comments