Part of the job of Margrethe Vestager (Radikale), the interior and economy minister, is to assure the safety and integrity of the social security (CPR) numbers of the country’s residents. But over the weekend, she was given a scary lesson on just how easy it is to obtain a CPR number illegally. In less than two minutes, a reporter for TV2 News went online, and by searching Vestager’s name and birthday, was able to obtain the last four digits of the economy minister’s CPR number. That information could leave an unsuspecting victim vulnerable to identity theft or other abuse.
“I feel just like anyone would when information that I thought was personal winds up in someone else's hands,” a shocked Vestager told TV2.
Vestager said earlier in the month that she believed that web security protecting CPR numbers was sufficient, despite the concerns of security experts that breaches were not only possible but as easy as knowing someone’s name and birthday.
In spite of her own number popping up in less time than it takes to boil an egg, Vestager said that she still believes that the system works.
“Websites where CPR numbers can be hacked in a short time obviously have security problems, which is why we must follow up,” said Vestager. “If a company cannot get its security in order, we will help them. If it does not improve, they will lose access to the CPR registry.”
Security experts have said that online access to CPR numbers should be banned.
Although the numbers sometimes become public through a mistake in the public or private sector, people often give up their own information by including it on their CV or other information that they put online, making it easy to find via search engines like Google.
Suspected abuse of a CPR number should be reported to Datatilsynet, the agency in charge of data protection.