A little clarification!
The databases that were hacked in Denmark were databases concerning such things as driver's licenses and CPR-number (The "Centrale Personregister" - I don't think I need to translate that?). Obviously you need a database for driver's licenses, or how will you know if one is a fake?
As for CPR numbers. I'm not certain as to how large an extent other countries use a system like it. But everyone living in Denmark (even my foreign student friends) get one.
It was created in 1968 (based on registries dating back to 1924) and the registry contains information about: Name, Address, Registry of Birth, Citizenship status, whether or not you are part of the Danish Folkekirke (People Church - the church stated in the constitution to be the official church of Denmark), information about your kin, and marital status. Not sure what it registers about the foreigners getting one.
It's main purpose is to avoid fraud and to facilitate government services. The main thing it is used for - I would say - is going to the doctor. When you go to a doctor, the doctor gets paid by the government. So to ensure there's no fraud patients sign using their CPR-numbers as well. It is also to some extent used (I say this because it is primarily used as people log-in name) in the more or less nationwide online log-in system "NemID", which almost everyone in the country has (includiing the foreign students I mentioned).
Now I know that to some this could seem like some sort of crazy Orwellian nightmare. And hell it might be - but we trust our government... to some extent. And while there are certainly cases of asinine behaviour, that trust still exists. And like I said the purpose is to ensure that services are provided, that no services that shouldn't be provided are provided, and that you are able to be accurately identified if the need arises.
Perhaps the point of the hack was to get in and find all the horrible yummy details that the government had pasted onto the numbers, but if that was the case I would suspect a leak to have already existed - because as far as I can tell the hack has been going on for a while.*
As for CSC being the ones to safeguard the data. I trust that the servers are located in Denmark, and that therefore the US government cannot PATRIOT those data - because I do _not_ trust the US government. Although I would prefer that a new company be found. Perhaps one that hasn't been hacked once already? Guess we could argue that they're experienced now, but I would argue that perhaps the hack took place because they were incompetent.
*"after the revelation that hackers, for several months, have been able to access registries at Rigspolitiet [the police], where access has been possible to among other things CPR-numbers"
http://politiken.dk/tjek/digitalt/internet/ECE1989749/datatilsynet-hackerangreb-paa-cpr-register-er-meget-alvorligt/
Biting the hand that feeds IT
