2014 Se og Hør media scandal



The 2014 Se og Hør media scandal (Danish: Se og Hør-sagen), also known as the Nets-scandal (Danish: Nets-skandalen) or the hush-hush scandal (Danish: tys-tys-skandalen), was a media and IT surveillance scandal in Denmark that broke in 2014. An IT professional employed at IBM leaked sensitive personal data from the Nordic payment services company Nets to the Danish gossip magazine Se og Hør, which allowed the magazine to obtain information on celebrities' and other individuals' use of credit cards.

The scandal came to public attention late in April 2014 after the publication (in Denmark) of the journalist and author Ken B. Rasmussen's roman à clef Livet, det forbandede (English: Life, the damned). A large number of organisations and media groups were ultimately involved, including Nets, IBM, Nordea, Fujitsu, SAS, Naviair, Rigshospsitalet, the Danish armed forces, TV 2, Ekstra Bladet, and Aller Media with their magazines Billed-Bladet and Se og Hør.

Background
Se og Hør, which is published weekly, has long carried revealing stories about celebrities. The magazine had previously had "an amicable relationship with the famous", where subjects could prevent the publication of negative stories about themselves. This attitude is perceived to have changed with the appointment of Henrik Qvortrup as editor-in-chief, with Ken B. Rasmussen commenting that "we had no ethical standards that had to be upheld as a matter of life and death". Qvortrup introduced a monetary reward for members of the public who phoned the magazine with tip-offs that lead to published stories. The magazine's owner, Aller Media, would pay up to DKK 10,000 cash-in-hand to sources.

The surveillance


In 2007, Nets outsourced the maintenance of their central IT systems to IBM, which included the transfer of 71 workers. Se og Hør's so-called hush-hush source is believed to have been amongst the transferred workers. The surveillance of celebrities by this source is believed to have begun in 2008. According to investigations in the media, the source received a text message whenever a tracked celebrity used their credit card. The message was possibly sent automatically and could be received by the source at home. Soon after, the source would forward the text to journalists at Se og Hør. This may have been repeated several times a day. The source was apparently unable to add names to the list of tracked celebrities freely; only at certain times could the list be expanded with the names of new persons, after which they would also be under surveillance. Journalists at Se og Hør could suggest new names to the source, which was referred to internally as "bidding".

It was initially uncertain how the surveillance was technically accomplished, but the programmer and IT-blogger Poul-Henning Kamp made the educated guess that it involved an existing "trace" facility in the Nets credit card handling system. Under normal circumstances, this system was only available to police with a court order to track wanted criminals. Kamp suggested that the system involved a real-time SMS service sending text messages directly to the police, which would reduce the paperwork burden for both the police and Nets. It remains unclear whether either of Nets or IBM had a functioning Security Information and Event Management (SIEM) system monitoring their credit card infrastructure. However, IT experts concluded that there was evidence for the absence of a competent system and commented that such a system should have detected the irregularities. During proceedings at Østre Landsret in July 2014 and at the Supreme Court in December 2014, the prosecutor presented their understanding of how it was possible for the source to obtain sensitive data. According to state barrister Mohammad Ahsan, the source had access to data about card transactions but not associated names. Ahsan further commented that it would have been possible to match names to transactions by the source resetting colleagues' passwords and then logging in via their accounts.

According to Ken B. Rasmussen, "anyone with even the slightest reputation" was under surveillance. As well as celebrities, this included murder suspects and accident victims. At least 86 people had personal information about them leaked by the source. High-profile victims included Prince Joachim, the comedian Casper Christensen, and the TV host Line Baun Danielsen. In Prince Joachim's case, the surveillance allowed Se og Hør to locate the Prince and Princess Marie on their otherwise secret honeymoon to Canada following their marriage in May 2008. Baun Danielsen's payment at a private hospital was leaked. The former professional cyclist Bo Hamburger (who had previously attended school with the alleged source) was also a victim. The magazine debated whether credit card transactions detailing the politician Morten Helveg Petersen's travel around Europe by plane, including hotel bookings in Rome, were sufficient grounds for a story. These leaks by the source did lead to Rasmussen writing a story for the magazine in 2008 titled Morten Helveg Petersen: Kærlighedsferie betalt af skatteyderne (English: Morten Helveg Petersen: Love holiday funded by taxpayers), which used the leaks to detail Helveg Petersen's personal relationship with Baun Danielsen during an official NATO meeting. At the time, Helveg Petersen demanded a retraction of the story and bought the case before the Danish Press Council, where he lost in October 2008. Several individuals under the protection of PET were also affected: former Prime Minister Lars Løkke Rasmussen had his card transactions leaked, while Pia Kjærsgaard and her husband Henrik Thorup additionally had their CPR numbers and secret home address leaked.

In Spring 2010, PwC carried out an inspection of IBM's running of Nets' NemID. The report highlighted several problems with access and credential handling. It is unknown when Nets and IBM were last inspected by the Danish Financial Supervisory Authority; no publicly released inspections have occurred since 2010, and inspections were not publicised before that date.

According to Ken B. Rasmussen's novel, the source received DKK 10,000 per month, for a total payment of DKK 310,000 over the course of the surveillance. The source was also provided with access to concerts through Se og Hør''s press credentials, including to the TV 2 event Top Charlie. They attended an after-party with guests including Keld and Hilda Heick.

At least 16 employees at Se og Hør, including the editors-in-chief Henrik Qvortrup and Kim Henningsen, were aware of the source's existence. Additionally, the parent company Aller Media's management were aware. In emails from 2011, the Aller Media publishing director Per Ingdal acknowledged awareness of the source from 2009 and instructed Henningsen to cease working with the source. A separate email implicated creative editor Steffen Sørensen and photo editor Peter Grosen in the case. However, according to Se og Hør journalist Kasper Kopping, the source was further used until the then news manager Lise Bondesen ordered a complete stop in Autumn 2011. Ken B. Rasmussen left the magazine in 2012.

The photographer Michael Medgyesi, who worked as a freelance photographer at Se og Hør, warned Nets as early as 18 January 2013 that journalists at the magazine had access to sensitive credit card transactions. Nets initiated an investigation as a result but found nothing. Medgysei had also previously (in 2011) contacted PET regarding the unlawful access. At the time, PET called a meeting but found no justification to continue investigating. Medgysei's suspicions were initially aroused by three overseas photo assignments in 2008 and 2009, where he was given information by the magazine on the locations of Janni Spies, Anni Fønsby, Stein Bagger's daughter, and Bagger's partner Annete Uttenthal.

The source had authorised access to the NemID system as part of their work, and logged on to this at least once. Additionally the source had FE security clearance to work with the Danish armed forces' IT system DeMars, which had been outsourced to IBM in 2010. One of the source's department's responsibilities was to monitor DeMars. The armed forces found no evidence that the source misused access to the system.

Following their employment at IBM, the source consulted for Fujitsu. This included work for Fujitsu's client Nordea immediately up to the breaking of the scandal. At Nordea, the source had access to internal monitoring systems and performed maintenance on them if they stopped working. Nordea felt satisfied that the source did not leak personal information using their access there.

Breaking of the scandal
Ken B. Rasmussen's roman à clef was scheduled for release on 29 April 2014. However, a few days prior to this, BT broke the scandal after finding documentation for the parts of the book based on fact. The then former Se og Hør journalist Kenth G. Madsen confirmed to BT that the magazine had a source for credit card transactions, which was later corroborated by the then current Se og Hør journalist Kasper Kopping.

The scandal drew large coverage in the media. Even the royal household issued a statement, calling it "an especially serious case". Rasmus Mark Pedersen, the Director of Journalists for the Danish Union of Journalists, was "completely shocked" and believed the scandal was "without equal the worst case in the history of Danish press". The victim Pia Kjærsgaard described the surveillance as "incredibly uncomfortable", while the additionally monitored Morten Helveg Petersen felt it was "crossing a line", "wildly uncomfortable" and "extremely offensive". He also compared Se og Hør's actions to "pure Stasi methods".

IBM called it "a very serious case" and wrote in an announcement that it would carry out a "complete investigation". Following this, it followed a policy of very sparse communication regarding the scandal.

Se og Hør's former chief editor Henrik Qvortrup initially denied any knowledge of the case. However, a few days after the breaking of the scandal he resigned as a political commentator for TV 2, and shortly after that BT published emails that implicated Qvortrup in the surveillance program.

On 1 May 2014, Se og Hør opted to suspend and send home (with full pay) 7 employees that were seemingly involved in the surveillance. Additionally, Billed-Bladet suspended two of their employees, including an editor-in-chief. This was after it was revealed that the employees had, under previous employment at Se og Hør, received emails about the source. Ekstra Bladet suspended their editor-in-chief Lise Bondesen for the same reason. While suspended, Bondesen wrote an article in Ekstra Bladet giving her version of events, and she resigned on 2 May 2014.

On 19 June 2014, Ekstra Bladet revealed that the so-called hush-hush source had confirmed his identity to the police. He subsequently demanded anonymity but this was rejected by the judge at Retten i Glostrup with reference to "the circumstances surrounding the charge's severity and the very significant media coverage of, and public interest in, the case about Se og Hør".

Aller Media had not reported their editorial database to the Danish Data Protection Agency and were therefore possibly not protected by press data protection laws. This could have meant that individuals registered in the database has a right to obtain the information held about them. Politiken reported that the victim Casper Christensen considered using this to force Aller to release his data.

Further fallout
Complementing the hush-hush source revelations, a previous employee at Nets described how customer service team members had, without additional training or checks, complete access to all customer data from their very first working day. The employee felt that there was insufficient monitoring to prevent misuse and commented: "It was normal to look at what ex-partners and celebrities were using their cards for. Or to see if your partner that had supposedly quit smoking had been to the shops to buy cigarettes anyway. If your friends were out on the town, you could see where they were."

For a short period prior to the scandal, Nets had outsourced their customer service department to Aditro. A former Aditro employee noted that the external workers had also had full access to Nets' payment information.

The media revealed further leaks of sensitive data from companies other than Nets and IBM. Employees at Se og Hør stated that the magazine used a paid source at the airline SAS. Naviair discovered that an employee leaked information about a royal household flight to the magazine. Several former Se og Hør employees stated that the magazine had a source at Rigshospitalet that provided information about celebrities' maternity ultrasound scans, including those of Anders Lund Madsen's pregnant partner. The pair sued the magazine and were awarded DKK 100,000 in compensation. According to the hospital, Se og Hør's editor-in-chief denied that any of the hospital's employees had received payment from, or leaked information to, the magazine. After an internal investigation, the hospital concluded that the leak had probably occurred via a third party. The singer Rasmus Nøhr described an experience following his searching by police that he believed could indicate leaks from the police to Se og Hør. Henrik Qvortrup told the police that the magazine had sources at the police, the army, Copenhagen Airport's control tower, and amongst nurses. Several then-current and -former Se og Hør employees additionally described how, prior to October 2003, the magazine had plans to purchase bugging and listening equipment. This would have been used to access Prince Frederik's telephone but Qvortrup insisted that the plans were abandoned. Casper Christensen also described how magazine employees pretended to be house buyers or family members in order to photograph celebrities' houses.

In 2009, several years before the scandal, the former Se og Hør employee Peter Kaae published his book I sandhedens tjeneste (English: In the service of truth). This revealed that the magazine had a source at a telecommunications firm, who was used in 1996 for stories about the professional cyclist Bjarne Riis and the handball player Anne Dorthe Tanderup. The magazine had also received a CD containing private telephone messages between the politicians Mariann Fischer Boel and Ivar Hansen. It quickly became apparent that the magazine had used illegally collected sensitive data over a large time period prior to the scandal.

Investigation and inquiries


The police investigated the case. Nets headquarters are located in Ballerup and as such the responsible department was Copenhagen's Vestegns Politi. In the days immediately following the breaking of the scandal, the police visited both IBM and Nets to investigate whether any offences had been committed. However, they were unable to determine whether a crime had taken place. IT equipment was seized from Aller Media, which led the organisation to fear that the police would identify other sources that had been used by its child publications throughout the years. The police interviewed Ken B. Rasmussen under the same procedures as if he were a suspect. Morten Helveg Petersen, then Det Radikale Venstre's candidate for the European Parliament, additionally reported Aller Media to the police. A number of other celebrities that had allegedly been monitored also made police reports via the lawyer Brian Werner Larsen. These initially included Casper Christensen, the actor Mads Mikkelsen, Iben Hjejle, Pell Hevnegaard, and Rigmor Zobel and her husband Jesper Ravn. The Norwegian Lene Nystrøm later joined the group represented by Larsen.

A problem of principle regarding the police's conduct arose when computers, telephones, and other equipment were seized from Aller Media; these could have contained information relevant to the investigation but could also reveal the identities of press sources unrelated to the case. Aller Media argued to the court (Retten i Glostrup) that by seizing items, the police were violating source protection. On 17 June 2014, the court ruled that the police could examine the material, which Aller Media responded to by appealing to the Landsret (high court). At the time Østre Landsret followed the previous court but in July 2014, the Højesteret ruled that the police could in fact not investigate the seized material until the main case, which later began in December 2014, had concluded in the same court. However, the state prosecutor indicated that they believed the police would be unable to satisfactorily investigate parts of the scandal if they were not allowed to use the material. Concretely, the police wished to search for the words "nurse", "police", and "source". The investigation met further problems when one of the involved persons was declared too ill to be interviewed.

In January 2015, the Højesteret came to a ruling in the main case that gave the police the right to search Aller's digital storage. The ruling stated that:

"After considering the concrete circumstances of the case, including the nature of the illegal activity and the seizure's significance in possibly casting light on these activities as well as the lack of societal impact of releasing information about the celebrities' private lives, the Højesteret decided that adherence to source protection must be waived in favour of furthering investigation of the illegal activities. The seizures were therefore in agreement with both the Retsplejelov [court procedural law] and the European Convention on Human Rights."

Copenhagen's Vestegns Politi consequently began searching the material, which filled 13 terabytes.

The Danish Data Protection Agency also investigated to determine whether Se og Hør had violated Danish privacy law. They chose not to investigate Nets because that company instead fell under the jurisdiction of the Danish Financial Supervisory Authority. Additionally the Digitaliseringsstyrelse (Agency for Digitisation) demanded a statement from Nets regarding the security of their handling of NemID.

Nets themselves carried out an internal investigation and published their initial findings on 5 May 2014. They acknowledged the finding of "patterns in behaviour indicating that abuse may have occurred" and stated that the illegal actions appeared to have been carried out by an IBM employee. Later findings were passed directly to the police without public announcement. The police, Nets, and IBM all investigated not just the apparent credit card information leakage to Se og Hør but also whether any further leaks had occurred, especially any involving NemID.

The insurance agency Topdanmark demanded an explanation from IBM, which they used for IT services.

Aller Media initiated an external investigation led by the lawyer Henrik Stagetorn and PwC employee Mikkel Sthyr. The results were initially expected within a few weeks. However, the impartiality and extent of the investigation was quickly criticised. Aller Fonden owned over 50% of the shares in Aller Holding A/S; the director of the former, law professor Linda Nielsen, chose to resign as she did not believe the investigation was sufficiently thorough. The investigation was weakened by the non-cooperation of several of the involved parties, including the former Se og Hør journalist Kasper Kopping.

The leaks of information to Se og Hør from SAS and Copenhagen Airport led to transport minister Magnus Heunicke ordering an investigation by the Danish Transport Authority.

Reaction of the parliament


Several members of the Folketing officially asked questions regarding the case. Amongst others, in May 2014 Enhedslisten's Pernille Skipper asked the Folketing's Retsudvalg whether PET had received tip-offs in connection with the surveillance. PET's answer via the Ministry of Justice confirmed that tip-offs had been received as early as November 2011 stating that "Se og Hør apparently have access to certain information about celebrities' flights and credit card usage". The then Justice Minister Karen Hækkerup commented that it was "a damn shame" that PET had dropped investigation into the case.

The Se og Hør case and various other incidences of problematic personal data protection led to the Folketing's Retsudvalg and Kulturudvalg requiring the government to accept extra binding security responsibilities in June 2014. This caused the creation of two working groups to, amongst other activities, investigate the possible need for an IT minister.

Charges and sentences
The law professional Oluf Jørgensen commented that based on the details published in the media immediately after the breaking of the scandal, he believed that legal "aggravating circumstances" were at play in the case. Frans Mortensen, another legal expert, was in agreement and specifically thought it probable the Danish Penal Code's paragraph 263 would apply. This allows for up to 6 years of imprisonment. This was significant because unless aggravating circumstances could be proven, it would be impossible to prosecute Se og Hør's former chief editor Henrik Qvortrup; having left the magazine in 2008, he was protected by the statute of limitations in the event that he had been sufficiently involved to draw charges.

On 6 May 2014, the alleged hush-hush source himself was charged and attended a hearing under paragraph 263 of the Danish Penal Code. However, the police expected to prosecute several other persons and indeed Henrik Qvortrup was charged and heard a few weeks later. Se og Hør's former news chief Lise Bondesen was charged in late June. By December 2014, a total of eight persons had been charged in connection with the case: the source, Ken B. Rasmussen, Qvortrup, former chief editor Kim Henningsen, editor Per Ingdal, journalist Kasper Kopping, Bondesen, and Aller Media A/S (as a juridical person).

In November 2015, 20 days in Autumn 2016 (distributed between 9 September and 24 November) were set aside for court proceedings related to the case. In July 2016, eight persons and Aller Media A/S were indicted (under Danish law, charging is distinct from indictment, with the former being an indication by police that they believe an individual to have committed a crime and the latter being the public prosecutor's office's filing of intention to prosecute to the court). Among those indicted were Qvortrup, Henningsen, Ingdal, Kopping, and the source. The court at Glostrup announced the verdict on 24 November 2016. Ingdal received a not guilty verdict. Qvortrup was sentenced to one years' suspended imprisonment, three months' unconditional imprisonment, and 200 hours of community service. Henningsen received one year's suspended imprisonment. Rasmussen and Kopping both received suspended sentences of four months. The source was sentenced to one year and six months' unconditional imprisonment; they appealed but the sentence was upheld at Østre Landsret on 8 August 2017. Finally, Aller Media were ordered to pay a fine of DKK 10 million.

In 2017, a lawyer representing 19 of the surveillance victims sued Aller Media for DKK 6 million.

Wider context


The case concluded whilst Gottfrid Svartholm was under remand in Denmark, accused of cyber crimes against Danish authorities and companies; at the same time, foreign media continued to report on Edward Snowden's leaks about state surveillance.

The scandal broke during a time where Aller Media were experiencing a fall in the readership of many of their magazines. Following the revelations, Se og Hør's print circulation fell by over 18,000 to below 100,000. The magazine's reader numbers (in print and online) also fell with 100,000 fewer readers in the 2nd and 3rd quarters of 2014 compared to the same period in 2013. The scandal affected Aller's profits; the company reported a deficit of almost DKK 8 million for the financial year 2013/2014. Journalists had in the past been found to be one of the least trusted professions in Denmark, and the scandal led to a further decrease in publicly perceived trustworthiness.

Media debate
The wider use of rewards for tip-offs by the tabloid press was debated. Culture minister Marianne Jelved described the rewards as unethical but conceded that they were not illegal and that she therefore did not wish to become involved in regulatory changes. Se og Hør's chief editor Nils Pinborg initially defended the rewards but later chose to suspend the system after Jelved's comments. Ekstra Bladet had a similar system, which chief editor Poul Madsen chose to continue. However, Ekstra Bladet's rewards of between DKK 500 and 1,000 were significantly lower than those at Se og Hør. In contrast, other Danish media including DR, Politiken and Fyns Amts Avis do not pay their sources. Politiken in particular does not consider source payment to be "a trustworthy and ethical way to work".

The independent press regulator decided not to initiate an investigation since they did not consider the revealed details explicit evidence that Se og Hør had used sensitive information. It did however encourage "the press to itself consider the question of paid sources and to decide whether there is a need to enshrine more specific advice in the guidelines about good press etiquette followed by the press itself". In a continuation of this announcement, the chief of the Danish Union of Journalists, Mogens Blicher Bjerregård, stated that he personally did not consider "paid sources to have a home in journalism".

Aller Media had not registered its editorial database and was not alone in this. Other unregistered Danish media included Metroxpress, Berlingske Nyhedsbureau, Nordjyske Stiftstidende, Søndagsavisen, Ingeniøren, Radio24syv, and several of the regional divisions of TV 2. These organisations were thus in possible conflict with data protection legislation. The head lawyer at the journalism trade association Danske Medier believed there could be a "potentially huge problem" if many people exercised their right to have their information deleted from the unregistered databases.

As a result of the Se og Hør case, politicians suggested a tripling of both the fines in press-related legal cases and the prison sentences for libel. Bent Falbert, a former editor-in-chief at Ekstra Bladet, called this "an uncivilised measure" and suggested that the freedom of the press in Denmark was in danger.

IT security


Banks and providers of credit card payment services are usually expected to have very effective IT security. Nets, along with all other payment service providers, must be certified under the Payment Card Industry Data Security Standard (PCI DSS) and when the scandal broke had last been certified in 2013 by the British firm Foregenix. However, the security emphasis is on protection of card numbers as opposed to the transaction data leaked by the source. Furthermore, the standard does not deal with attacks by insiders with system access; employees must therefore be implicitly trusted by the service provider. The Danish Financial Supervisory Authority, which is responsible for regulation of IT security at 407 financial organisations operating in Denmark, had performed very few inspections in the period leading up to the leaks; from 2008 to the breaking of the scandal in 2014, just 29 inspections of any firm had been carried out in total. Commenting on these numbers, Venstre's business spokesperson Kim Andersen said that he "thought this area appeared to be seriously underprioritised and that the responsible ministers should have egg on their faces". Lars Pram, the director at the consumer rights organisation Forbrugerrådet Tænk, considered the inspection record to be "quite simply not good enough".

In a comment on the case, Poul-Henning Kamp wrote that "insiders are always the greatest threat" but also noted that "there are simply some people that must be trusted ... it isn't more complicated than that". Kamp suggested that such security workers should be given a sufficient salary and employment benefits with "freedom under responsibility and mutual trust and understanding". Additionally, he recommended peer review of any system work to spot irregularities.

The Se og Hør case, together with Gottfrid Svartholm's charges, demonstrated that personal data could apparently be copied form domestic mainframes without Danish IT security professionals noticing; it was respectively journalists and the Swedish police that spotted the problem. Kamp specifically considered the use of IBM's mainframes by companies to be "deeply, deeply out of date" and that they should be "out of Danes' private lives". He commented on problems with IBM's mainframes, security model, software and general IT organisation:

"It has reached the stage where it is impossible to configure and maintain an IBM mainframe without giving IBM's workers wide-ranging access, and therefore more and more firms struggling with mainframe-based IT are choosing to outsource maintenance to IBM in the first place."

IT security expert Peter Kruse from CSIS Security Group did not consider the Se og Hør case to be an isolated one and wrote regarding IT outsourcing that his "general impression was that IT leaders at different levels, and not least IT security leaders in Denmark, have found it unusually difficult to get budgets allowing measures controlling whether contractors live up to companies' own security policies and expectations". As an example, the Danish Data Protection Agency confirmed that in two cases they experienced councils not knowing where citizens' personal data was after outsourcing to private IT companies.

Journalist Dorte Toft called for a more active role for the Data Protection Agency and hoped that a new EU directive on data protection would come into force.

Surveillance debate
The Danish activist Peter Kofod, writing on the Danish blogging platform DenFri in a post titled "En dybfølt tak til Se & Hør" (English: "A heartfelt thanks to Se & Hør"), commented that while Edward Snowden's NSA leaks provoked a subdued response amongst the Danish media, politicians, and "gossiping class", the Se og Hør case shifted media focus to surveillance and caused a number of influential people to recognise this surveillance as a problem. Kofod's opinion was reflected in an editorial by Information's editor-in-chief Christian Jensen, who called the contrast in reactions "surveillance hypocrisy". Berlingske journalist Mads Kastrup wrote:

"Currently, the greatest irony is that for several years we have been those asking ourselves what kind of story would be needed to make the public and politicians take surveillance, massive control of citizens, and the risk of abuse of personal and private data seriously..."

and noted that the use of the hush-hush source by Se og Hør was exactly such a story.

A week after the scandal broke, Edward Snowden wrote a piece for Berlingske that remarked "[t]he Se & Hør allegations are a reminder that until the Folketing takes action to get to the bottom of the mass surveillance problem, our rights are risk".

Altinget.dk's editor-in-chief Rasmus Nielsen wrote that "the Nets scandal is unfortunately just another step in the weakening of the citizen compared to the state, search egines, data harvesting and so on". He gave another example of public workers' access to the CPR database.

The revelations about the hush-hush source appeared the same weekend that Berlingske began a series of articles on surveillance under the title "Sporet" (English: "The trail"). As a way of encouraging debate about data registration and logging, the minister Sofie Carsten Nielsen and the Folketing member Jens Joel agreed to allow the newspaper to harvest their personal data. The paper managed to obtain 2,047 Dankort transactions, 18,047 emails, 313,303 telephonic data (including SMSs and phone logs), flight bookings, tax information, and private pictures. Berlingske's access, however, appears to have been far more wide-ranging than that used by the hush-hush source. The Folketing's foreman called the series "an interesting experiment" and hoped that it would pave the way for "a much-needed debate" about the Danes' data. However, discussion of "Sporet" was almost entirely swamped by the hush-hush source revelations.

Another dimension to the Nets case appeared a few days before the hush-hush source revelations became public; in the US, a judge ordered Microsoft to surrender personal data from their European data centre to the American authorities. Microsoft appealed and the order was upheld late in July 2014 at a district court. Danish legal professionals specialising in IT worried that this opened the possibility for American-owned firms operating in Denmark, such as KMD and CSC, to be forced to supply American authorities with Danes' personal data. This could, for example, be data from borger.dk (Danish state self-service portal) or the CPR database. Nets had, at around the same time, been sold to an American private equity firm, leading to rumours that Nets would also be subject to American law. In the Folketing there was little agreement on which jurisdiction Nets was subject to; the Social Democrats' business spokesperson Benny Engelbrecht maintained that Danish data security law applied indepdenpent of the owner while Enhedslisten's Frank Aaen took the Microsoft case to mean that "there is no doubt that if Nets has American owners, then Nets will automatically fall under American legislation".

Similar cases
The case had several similarities to the earlier and infamous News of the World phone hacking scandal, the latter of which was referred to by the politician Ellen Trane Nørby when commenting on the former.

Aller Media has previously experienced similar problems with the Norwegian version of Se og Hør. That scandal broke when the Norwegian Se og Hør-journalist Håvard Melnæs published (in Norway) the book En helt vanlig dag på jobben (English: Just a normal day at the office), in which he revealed that the magazine paid cash to sources at credit card companies and airlines. The existence of the sources was confirmed in a note by the editor-in-chief of the Norwegian Se og Hør Odd Johan Nelvik.

In April 2014, another case came to public attention; a well-known 33-year-old DJ from Copenhagen allegedly used a trojan to hack a wide range of celebrities' computers, gaining access to files and webcams. Investigations in the media found that 182 people had been hacked and that the offences had taken place from August 2012 to March 2014. As with the hush-hush source, the DJ was charged under the Danish Penal Code's paragraph 263 section 2.