At a press conference on Tuesday, Infrastructure Minister Anne Johansson announced that the chairman of the board of the Swedish Transport Agency, Rolf Annerberg, will step down. She said that the government is taking what has happened seriously, but placed the full responsibility for the process with the agency itself.
This comes after the minister herself, as well as Prime Minister Stefan Löfven, were reported to the Committee on the Constitution, for not informing the opposition about the security breach.
To the public, the first signs of trouble emerged in January when the Transport Agency's director general Maria Ågren was fired. At the time, it was said that this was due to her having a different view than the government on how the Agency's work should be carried out.
Six months later, it was revealed that in fact, she was responsible for an IT deal which allowed Czech and Romanian staff with no security clearance to gain access to the Transport Agency's database, which lists information about all vehicles in Sweden.
According to the news agency TT, the database included information on police and military vehicles, as well as people with protected identities and the routes of armoured vehicles, which could be transporting large sums of money.
Åberg has since been fined 70,000 SEK for revealing "secret information that may harm national security".
Information on whether the breach in fact has impacted national security has been withheld in the Swedish security services' preliminary investigation.
But according to prosecutor Ewamari Häggkvist at the Prosecution Authority's National Security Unit, the breach was serious.
"I think it's a huge problem that so many authorities do not take security precautions seriously, including the Transport Agency in this case," she told Swedish Radio on Tuesday.
Häggkvist added that it is not illegal for foreign companies to provide IT services to the Transport Agency, but that it must be handled in the right way.
Swedish Television reports that the Transport Agency's president Rolf Annerberg knew about the breach as early as 2015.