Massive Swedish Software Data Breach Hits 1.5 Million Users
▼ Summary
– The Swedish Privacy Authority (IMY) is investigating a cyberattack on IT supplier Miljödata that exposed data of 1.5 million people.
– Miljödata provides IT systems for 80% of Sweden’s municipalities, and attackers stole data and demanded 1.5 Bitcoin ransom.
– The attack caused operational disruptions affecting citizens in multiple Swedish regions and prompted immediate investigation by CERT-SE and police.
– IMY is focusing its investigation on Miljödata’s security measures and select municipalities’ data handling, particularly regarding children’s data and protected identities.
– The threat group Datacarry leaked the stolen data containing names, email addresses, government IDs, and other personal information on the dark web.
A significant cybersecurity incident has struck Sweden, impacting a vast number of citizens through a breach at the IT systems provider Miljödata. The Swedish Authority for Privacy Protection (IMY) has launched an investigation into the attack, which compromised personal information belonging to an estimated 1.5 million individuals. Miljödata, a company that supplies IT services to approximately 80 percent of Sweden’s municipalities, publicly reported the incident on August 25. The attackers not only stole sensitive data but also demanded a ransom of 1.5 Bitcoin, threatening to release the information if their demands were not met.
This cyberattack caused considerable operational disruptions across several Swedish regions, including Halland, Gotland, Skellefteå, Kalmar, Karlstad, and Mönsterås. Due to the widespread nature of the breach, Swedish authorities closely monitored the situation from the outset. Both the Swedish Computer Emergency Response Team (CERT-SE) and law enforcement agencies initiated investigations immediately following the disclosure.
According to IMY, the attackers published the stolen data on the dark web, exposing details corresponding to 1.5 million people. This incident has prompted an inquiry into potential violations of the General Data Protection Regulation (GDPR). Jenny Bård, the head of IMY, emphasized the severity of the situation, stating, “The Miljödata leak meant that a large portion of Sweden’s population had their personal data published on the Darknet , in many cases, even sensitive information.” She further noted that the breach raises serious questions about the security protocols in place and the types of personal data stored within the affected systems.
Bård added, “Our main focus is to investigate any shortcomings that could provide lessons going forward, in order to reduce the risk of similar incidents happening again.” Given the extensive impact, IMY has decided to prioritize its investigation based on the criticality of the entities involved. The initial targets include Miljödata itself, the City of Gothenburg, the Municipality of Älmhult, and the Region of Västmanland. Miljödata will be scrutinized for its security measures, while the municipalities will be examined for their data handling practices, with special attention paid to children’s data, individuals with protected identities, and former employees. Although other entities could be investigated in the future, there are no immediate plans to expand the scope.
While no ransomware groups had claimed responsibility at the time Miljödata disclosed the incident, the threat group known as Datacarry later posted the stolen data on its dark web portal on September 13. Datacarry, which lists an additional twelve victims on its website, provided a 224MB archive containing the data allegedly taken from Miljödata. The breach alerting service Have I Been Pwned has since incorporated the leaked Miljödata information into its database. The exposed data includes names, email addresses, physical addresses, phone numbers, government identification numbers, and dates of birth. Interestingly, Have I Been Pwned reports that the leaked data corresponds to approximately 870,000 people, which is roughly half the figure cited by IMY.
(Source: Bleeping Computer)