Danish data leak exposes protected addresses of up to 73,000 citizens

A technical error in Denmark’s Motor Register may have exposed the protected names and addresses of up to 73,000 citizens over a five-year period, DR reports. The leak affects individuals who had formally requested confidentiality for their personal details.

The Danish Motor Agency (Motorstyrelsen) confirmed the breach but stated it could not determine which private companies accessed the data or how many individuals were actually impacted. Despite this uncertainty, the agency has notified all 73,000 potentially affected citizens via digital mail.

One recipient, Anders Friis—a former youth social worker and current information security coordinator—criticised the agency’s handling of the incident as “hopeless.” Friis, who previously collaborated with police on at-risk youth cases, fears his address may now be accessible to individuals who “might not wish him well.”

“How could this error go unnoticed for five years?” Friis asked, questioning why the agency lacks logs to track which entities retrieved the protected data. “It’s alarming that a public IT system has no record of who accesses citizens’ information.”

The Motor Agency first detected the flaw on 15 July 2025 but only began notifying affected individuals in April 2026—a ten-month delay Friis called “inexplicable.” In a written statement, agency deputy director Claus Holm acknowledged the severity of the breach, stating: “We deeply regret this error and took immediate action to close it. We understand the frustration, especially when it involves protected personal data.”

DR reports that the agency has not yet clarified why notifications were delayed or why system access logs were not maintained. The cause of the technical failure remains undisclosed.