A 27-year-old former student assistant at Copenhagen Municipality faces trial for systematically harvesting 1,598 CPR numbers and addresses from the national register, then allegedly selling the data to criminals for extortion, violence, and a planned murder. The trial begins Monday, spotlighting weaknesses in public sector data security and the rise of facilitators who enable organized crime from inside trusted institutions.
How a Student Assistant Became a Data Broker for Criminals
The courtroom drama unfolding in Copenhagen City Court centers on a young man who turned municipal employment into a criminal enterprise. Between June 2023 and July 2024, the 27-year-old held a student assistant position in Copenhagen Municipality with legitimate access to Denmark’s Central Person Register, known as the CPR register. This database holds sensitive personal information on every resident, including addresses, family connections, and identification numbers. According to prosecutors, he exploited that access to harvest data on approximately 1,598 individuals, then sold it through encrypted messaging apps to buyers in the organized crime world.
The indictment details a chilling progression from data theft to violent crime facilitation. Prosecutors allege the former student assistant operated as a paid information broker, fielding orders for specific targets and delivering packages of personal details that enabled robberies, assaults, and murder plots. The trial will examine 78 named victims whose information was allegedly passed to criminal clients. Police inspector Henrik Andersen from the National Unit for Special Crime describes the case with stark language, calling it deeply concerning when public employees in state or municipal roles assist criminals in running their operations.
From Data Request to Failed Murder Plot
One sequence in the indictment illustrates the alleged chain from database query to attempted killing. In spring 2024, prosecutors say the student assistant received a paid commission to look up a man from Herning. He allegedly retrieved the target’s CPR number, home address, and a list of close family members, then forwarded the package to a contact in organized crime circles. That contact, working with accomplices, recruited two Swedish teenage girls aged 14 and 15 to carry out the murder. The teenagers traveled from Sweden to Herning armed with a loaded pistol and appeared at the address on June 10, 2024.
The murder attempt collapsed because the intended victim was not home. Police describe the operation as an example of crime as a service, where violent tasks are outsourced to hired operatives, often young and willing to cross borders for payment. The failed hit highlights how raw data from a municipal computer terminal can translate into real-world violence. The defendant admits to unauthorized searches in the CPR register but denies any role in facilitating murder, robbery, or assault, setting up a legal battle over intent and knowledge.
Systematic Abuse Over Thirteen Months
The scale of data harvesting suggests systematic abuse rather than isolated incidents. Over roughly thirteen months, the student assistant conducted searches on nearly 1,600 people without legitimate work reasons. The indictment describes detailed communication logs on encrypted platforms where he allegedly negotiated prices and delivery of information packages. Police believe he understood the criminal purpose behind the requests, a crucial element prosecutors must prove to secure convictions on the most serious charges.
For the defendant to be found guilty of aiding specific crimes like attempted murder or robbery, the prosecution must demonstrate he at least recognized the possibility that illegal acts would follow and accepted that risk. The ten-page indictment includes an annex naming 78 victims whose data was tied to concrete criminal schemes. Henrik Andersen emphasizes that police hold a clear conviction the 27-year-old knew the information would fuel criminal activity, though proving that knowledge in court remains the central challenge of the trial.
Security Gaps in a Trust-Based System
The case exposes vulnerabilities in Denmark’s public administration, where access controls rely heavily on employee integrity. A student assistant, typically a junior support role, held unrestricted search capabilities in one of the nation’s most sensitive databases for over a year. Police confirm no evidence suggests organized criminals planted the defendant in the municipal job. Instead, the case appears to involve an employee who drifted into criminal facilitation after gaining access, raising questions about oversight and monitoring.
Police Focus on Facilitators Inside Institutions
Henrik Andersen points to a broader investigative priority within the National Unit for Special Crime. Facilitators, especially those in trusted positions within municipalities and state agencies, have become a focus area as organized crime seeks inside help to obtain information, documents, or other resources. The student assistant case fits this pattern, where the barrier between legitimate access and criminal service proves dangerously thin. Andersen describes Denmark as a society built on trust, granting even junior employees significant access to sensitive systems, making abuse of that trust particularly serious.
The defendant sat in pretrial detention since his arrest and court appearance last summer. Eight days have been allocated for the trial, with a verdict expected on March 24. The proceedings will likely detail how he communicated with criminal buyers, what payments he received, and whether his actions meet the legal threshold for aiding violent crimes. The outcome could influence how Danish authorities approach access management in public databases going forward.
Municipal Response and Broader Implications
Copenhagen Municipality moved quickly after the breach came to light. All 1,598 individuals whose data was accessed received direct notification from the city. Jens-Kristian Lütken, the former employment and integration mayor from the Liberal Party, promised tightened security measures. He acknowledged the need to prevent employees from casually browsing the CPR register for unauthorized information, signaling potential reforms in access protocols and audit trails.
The case also drew attention from data ethics advocates. Birgitte Arent Eiriksson, director of the Justitia think tank and a member of Denmark’s Data Ethics Council, called for stronger controls on sensitive personal data access. Her comments reflect growing concern that existing safeguards failed to detect or prevent systematic misuse over more than a year. The trial may prompt legislative or administrative changes to audit logs, access restrictions, and consequences for unauthorized searches in public registers.
The Human Cost Behind the Numbers
While the indictment focuses on legal technicalities and data volumes, the real-world impact centers on people whose private information became a commodity. Seventy-eight individuals are named as victims of schemes ranging from extortion to murder plots. Many likely had no idea their addresses and family details circulated in criminal networks until police or the municipality contacted them. The psychological toll of learning you were targeted for violence based on leaked government data adds a human dimension beyond the courtroom arguments.
Swedish Teenagers as Hired Killers
The involvement of two teenage girls from Sweden underscores the international and youthful dimensions of modern organized crime. Aged 14 and 15, they traveled to Denmark carrying a loaded pistol to execute a stranger based on information harvested from a municipal computer. Their recruitment illustrates the crime-as-a-service model, where violent tasks are subcontracted to individuals willing to act for payment, often with little direct connection to the ultimate client. The girls’ willingness to cross borders and attempt murder raises broader questions about recruitment, desperation, and the commodification of violence.
The Herning man whose address was passed to the hired killers escaped harm only by chance, being absent when the teenagers arrived. His case appears in the indictment as the clearest example linking the student assistant’s alleged data sales to a specific act of violence. Prosecutors will need to trace the information flow from database query to criminal contact to teenage operatives, establishing the defendant understood and accepted the lethal purpose behind his search.
Extortion and Robbery Networks
Beyond the attempted murder, the indictment describes multiple instances where personal data enabled extortion and violent robbery. Criminals used addresses and identity details to locate targets, confront them with threats or force, and steal money or valuables. The student assistant is accused of providing the foundational intelligence that made these crimes possible. Each case requires prosecutors to demonstrate a link between his data provision and the subsequent criminal act, along with proof he recognized the illegal intent.
The encrypted communication logs prosecutors cite will likely form key evidence. These messages may show explicit requests for target information, negotiations over payment, and acknowledgments of what the data would enable. If the logs reveal clear awareness of criminal plans, the defendant’s partial admission to unauthorized searches may not protect him from the more serious charges of aiding violent crimes.
What the Trial Will Determine
The eight-day trial will dissect the defendant’s actions, communications, and state of mind over thirteen months of alleged data brokering. Prosecutors bear the burden of proving not just that he conducted unauthorized searches, which he admits, but that he knowingly facilitated specific violent crimes. The defense will likely argue he sold information without understanding or accepting responsibility for how buyers used it, drawing a line between database misuse and criminal complicity.
Legal Standards for Aiding Crimes
Danish criminal law requires prosecutors to show the defendant at minimum foresaw the possibility of illegal acts and accepted that outcome. This standard differs from direct participation, focusing instead on whether the facilitator’s actions and awareness make him complicit. The student assistant’s case tests this boundary, as his role involved providing information rather than committing violence himself. If convicted on all counts, he faces significant prison time for aiding attempted murder, robbery, and assault, in addition to penalties for data misuse.
The trial’s structure, with closed courtroom sessions and a name ban protecting the defendant’s identity, reflects the sensitivity and severity of the charges. Witnesses may include police investigators, municipal IT staff, and possibly victims or their family members. The encrypted messages between the defendant and his alleged criminal clients will likely be introduced as evidence, requiring technical explanation and legal interpretation.
Precedent and Future Prevention
A conviction would set a clear precedent that public employees who leak sensitive data to criminals face serious consequences, especially when that information enables violence. It would reinforce accountability for facilitators operating inside trusted institutions. An acquittal on the aiding charges, while still leaving room for conviction on unauthorized data access, might signal that proving criminal intent for information brokers remains challenging without direct evidence of knowledge about specific crimes.
Regardless of the verdict, the case has already prompted discussion about systemic reforms. Calls for stronger access controls, better audit trails, and more rigorous vetting of employees with database access reflect a recognition that trust alone cannot secure sensitive information. The trial outcome on March 24 will shape both the defendant’s fate and the broader policy response to insider threats in Denmark’s public sector.
Sources and References
The Danish Dream: Danish Police Accused of Dropping Cases Illegally
TV2: Studentermedhjælper høstede CPR-numre, men nægter medvirken til drab
Berlingske: 27-årig sigtet for at have skaffet sig adgang til over 1700 personers CPR-numre
Politiken: Tidligere studentermedhjælper sigtet for at muliggøre drabsforsøg gennem opslag i cpr-registeret
Justitia: Misbrug af CPR-oplysninger kalder på mere kontrol
København Liv: Ny udvikling i sagen studentermedhjælper snagede i over 1700 CPR-numre
