A database containing entire behavioral and financial profiles of people and businesses was left unsecured onlineResearchers claim it belongs to a Danish fintech firmThe firm denies having anything to do with the archiveAn enormous database, containing millions of highly sensitive information on Swedish citizens, was sitting on the open internet, available for anyone who knew where to look.Cybernews researchers recently uncovered a misconfigured Elasticsearch server which they described as a “goldmine of business intelligence data”, containing hundreds of millions of highly detailed records belonging to Swedish individuals and organizations.It was attributed it to a business intelligence specialist, but the company denied having anything to do with the archive.Who owns the data?In total, the data created a detailed financial and behavioral profile of both citizens, and organizations, in Sweden.Overall, it contained more than 100 million data records, generated between 2019 and 2024, and spread across 25 indices.This contained people’s names (including history of previous names), Swedish personal identity numbers, dates of birth, gender, address history (both locally and abroad), civil status, information about deceased individuals, foreign addresses (for emigrants), debt records, payment remarks, bankruptcy history, property ownership indicators, income tax, activity and event logs, financial data, and behavioral data.Cybernews’ researchers attributed the server to Risika, a Danish fintech company offering real-time credit assessment, risk monitoring, and financial risk intelligence for businesses.They claim the use of internal “dwh*” tags, and product-oriented index names “matched the conventions of known Risika products”.However, the researchers also claim the database was likely operated by a downstream third-party, after Risika “legitimately provided” the data under a commercial license, “only to be misconfigured and left exposed”.The researchers reached out to Risika, and the database was locked down the following day.In the meantime, the company replied, stating that it had nothing to do with the archives:“Our preliminary investigation indicates that the data referenced in the reported leak contains information that we do not own, store, or have access to through our business operations. This suggests that our systems are not the source of this particular data breach,” the company’s spokesperson told the researchers.You might also likeOver 16 billion records leaked in "unimaginable" major data breach – here's what we knowTake a look at our guide to the best authenticator appWe've rounded up the best password managers