Candidates in Denmark’s upcoming general election are making it “as easy as possible for foreign actors” to target them by exposing personal data online, writes the Danish fact-checking media and NORDIS partner TjekDet.
An investigation by TjekDet shows that candidate lists contain extensive personal information. This includes emails, phone numbers and social media links that can be cross-referenced with data leaks and open sources.
In several cases, this allows sensitive and potentially compromising information to be linked to candidates, ranging from passwords and private contact details to connections with services such as dating platforms, cryptocurrency sites and other personal activities.
According to cybersecurity researcher Ole Willers from Copenhagen Business School, the findings are serious in a geopolitical context marked by growing tensions and active foreign interest in influencing elections.
“We live in a world of geopolitical polarization, where foreign powers clearly seek to influence elections,” he says.
Danish authorities share that concern. The Danish Security and Intelligence Service (PET), the Defence Intelligence Service (FE) and the Agency for Social Security have warned that it is “highly likely” Denmark is a target for foreign influence operations – including efforts that could target specific candidates and political parties.
Data leaks increase risk of pressure and manipulation
TjekDet’s analysis shows that many candidates still rely on private email addresses, some of which have appeared in multiple historical data breaches. In other cases, parliamentary work emails have been used for private purposes, increasing exposure.
By combining leaked data with publicly available information, it becomes possible to map candidates’ digital footprints in detail. This can include reused or weak passwords, private phone numbers, home addresses and other personal data.
While it is not confirmed that all leaked credentials are still valid, the patterns point to poor security practices – including password reuse and long-term exposure across multiple platforms.
According to experts, such vulnerabilities can be exploited not only for hacking, but also for targeted influence operations, including harassment, disinformation or attempts at blackmail.
Late warnings as campaign is already underway
Authorities have issued guidance to candidates, recommending stronger password practices and the use of services to check whether personal data has been compromised in leaks.
However, the guidance was published after candidate lists were already public, meaning that exposure may already have occurred.
TjekDet notes that the problem cuts across political parties and affects both new candidates and sitting members of parliament.
Foreign actors may exploit vulnerabilities
The broader concern is that exposed personal data can be weaponised in influence campaigns.
Authorities warn that foreign actors may use proxy networks to target candidates directly or disrupt election campaigns.
At the same time, Denmark has already experienced cyberattacks linked to pro-Russian actors targeting websites, and authorities consider it likely that election periods can be used to intensify such activities.
The combination of publicly available personal data, past data leaks and geopolitical interest creates what experts describe as a significant vulnerability in the digital landscape surrounding the election.