The security breach occurred in March 2015, when the Swedish Transport Agency outsourced the handling of its IT system to IBM, whose staff in Eastern Europe oversaw the operation.
According to Expressen, sensitive information including the entire registry of Swedish drivers' licenses and data on protected identities was accessible to people who had not been vetted by the Swedish security service. The Prime Minister was not made aware of the breach until January 2017.
The Transport Agency said its former director-general, Maria Ågren, had approved the outsourcing contract even though it breached security and privacy laws. Ågren has since been fired and fined 70,000 krona (about $8,500).
"We have no indications pointing at that data was disseminated improperly, so we do not see any direct cause for concern," the Transport Agency said on its website.
According to Expressen, Ågren's line of defense at an official hearing in March was that the "departure from current legislation," which she approved, was acceptable and that such decisions "had been made before and that it was part of a process you could apply when needed." She also contended that she had not been sufficiently briefed on the security aspects of the role and had done her best under those conditions.
An alliance of opposition parties called this week for a vote of no confidence, targeting three government ministers affected by the scandal, to be held in 10 days' time.
Two of them, Interior Minister Anders Ygeman and Infrastructure Minister Anna Johansson, have now resigned, Expressen said. However, Defense Minister Peter Hultqvist remains in his post and is still under threat from the no-confidence motion.
IBM declined to comment to CNN.