According to the authority, Telia has failed to apply for the correct register checks for signal protection personnel – and thus allowed a number of unauthorized persons to work with security-sensitive operations.
PTS describes the incident as “serious”, although – so far – it is not considered to have led to any damage.
“The vulnerability that arose as a result of the breach may have been exploited by an antagonist through a so-called insider attack with the aim of affecting security-sensitive operations in, among other things, the area of electronic communications. Such an impact would, according to PTS, cause damage to Sweden’s security,” the authority writes in its decision.
Will appeal
Telia has subsequently had security checks carried out in the manner required by PTS. The company will appeal the decision.
– We have security checked for the right security level and for the right purpose – however, we have done it according to a different process – which was corrected immediately when we received feedback. We are completely confident that this has in no way damaged Sweden’s security – which PTS also confirms in the decision, says Telia Sweden’s press manager Iréne Krohn to Telekom today.
PTS assesses that the lack of security clearance is due to negligence, and was noticed in connection with an audit in 2022. The unauthorized personnel worked in security class 3, the lowest level on a three-point scale.
