Denmark faces a critical test of its data security after a Copenhagen wedding office clerk sold citizens' personal information from the national registry. A 27-year-old former student assistant at Copenhagen City Hall's marriage office received 1000 kroner each time he shared data from the CPR register, according to the prosecution. This happened 77 times, with the man facing charges for unlawfully accessing over 1000 individuals' CPR details during his employment from June 2023 until his arrest in summer 2024.
The Scheme Unfolds in Court
Monday afternoon in Copenhagen District Court, the 27-year-old sat with folded hands answering the prosecutor's questions in a clear voice. He explained that he knew he had received money for sharing CPR information concerning 66 people. The prosecution has demanded confiscation of proceeds totaling 77,000 kroner, indicating they believe he earned that amount from the illegal data sales. The defendant admits to performing the searches and selling the information but pleads not guilty to complicity in attempted murder, aggravated assault, and robbery. These additional charges stem from information he allegedly sold being used to commit attempts of robbery, violence, and murder.
From First Search to Arrest
The man began working at the marriage office in June 2023 and conducted his first unauthorized search shortly after. As I remember it, I saw a post on Telegram with someone looking for a person, so that's how it started, the 27-year-old said in court. By September 2023, he was advertising his service on the encrypted messaging platform Telegram. Is there anyone who owes you money, and you can't find them? I can help you. If you have the person's name, I can provide address, previous addresses, family members' names and addresses. Write to me, and get your money back, read the post presented in court Monday. He worked at city hall until summer 2024 when he was first arrested and later released the same day. About a year later, on July 16, 2025, police further investigated the case and arrested him again, leading to his remand in custody where he has remained since.
A Breach of Public Trust
This case exposes a profound vulnerability within a system Danes are taught to trust implicitly. The CPR register is the backbone of Danish public administration, linking citizens to healthcare, taxation, and social services. Its security is paramount for the social contract. A single individual with authorized access exploited that trust for personal gain, turning a public service role into a private intelligence operation. The breach raises immediate questions about oversight and internal controls at municipal levels, particularly for temporary or student staff with access to sensitive data. How many other positions with similar access lack sufficient auditing or supervisory mechanisms? Copenhagen Municipality must now examine all points of entry to its digital systems.
The Legal and Social Reckoning
The prosecution's serious charges link the data sales directly to violent crimes, moving the case beyond simple data theft. This connection shows how stolen personal information can fuel serious criminal activity in Danish society. The defendant's denial of complicity in the violent crimes will be a central point of contention as the case continues over six more court days this week, with a verdict expected in March. The court must determine not just punishment for the data breaches but also the legal liability when sold information becomes a tool for attempted murder. This precedent could shape how Danish courts treat the downstream consequences of data trafficking.