It was reported by DN who received a copy of the Swedish Security Service's (Säpo) preliminary investigation [0]. My translation of a few paragraphs from the article:
"Swedish IBM used up to 11 subsidiaries and subcontractors in different countries, among them Romania, Croatia, Czech Republic and Serbia. ``But how the data would flow she did not understand'', witnesses a consultant who evaluated IBM's offer before the contract signing.
The ones who got "the keys to the kingdom" where three IBM administrators in Czech Republic, with full access to all data and logs. It meant the possibility to copy and distribute data and then remove all traces.
The computer systems' various firewalls and all communication were handled by a company in Serbia where 14 named persons became administrators, they, too, without a security check."
"Swedish IBM used up to 11 subsidiaries and subcontractors in different countries, among them Romania, Croatia, Czech Republic and Serbia. ``But how the data would flow she did not understand'', witnesses a consultant who evaluated IBM's offer before the contract signing.
The ones who got "the keys to the kingdom" where three IBM administrators in Czech Republic, with full access to all data and logs. It meant the possibility to copy and distribute data and then remove all traces.
The computer systems' various firewalls and all communication were handled by a company in Serbia where 14 named persons became administrators, they, too, without a security check."
[0] http://www.dn.se/nyheter/sverige/statliga-hemligheter-kunde-...