The Swedish Authority for Privateness Safety (IMY) is investigating a cyberattack on IT programs provider Miljödata that uncovered information belonging to 1.5 million folks.
Miljödata is an IT programs provider for roughly 80% of Sweden’s municipalities. The corporate disclosed the incident on August 25, saying that the attackers stole information and demanded 1.5 Bitcoin to not leak it.
The assault triggered operational disruptions that affected residents in a number of areas within the nation, together with Halland, Gotland, Skellefteå, Kalmar, Karlstad, and Mönsterås.
Due to the big impression, the state monitored the scenario from the time of disclosure, with CERT-SE and the police beginning to examine instantly..
In response to IMY, the attacker uncovered on the darkish internet information that corresponds to 1.5 million folks within the nation, creating the idea for investigating potential Basic Data Safety Regulation (GDPR) violations.
“The Miljödata leak meant that a big portion of Sweden’s inhabitants had their private information revealed on the Darknet — in lots of instances, even delicate info,” said IMY’s head, Jenny Bård.
“The leak raises a lot of questions in regards to the stage of security and what kinds of private information had been saved within the programs.”
“Our essential focus is to analyze any shortcomings that might present classes going ahead, with a purpose to cut back the danger of comparable incidents occurring once more.”
As a result of intensive impression, IMY has determined to prioritize investigation targets in accordance to the criticality of their operations, limiting it to Miljödata, the Metropolis of Gothenburg, the Municipality of Älmhult, and the Area of Västmanland.
Miljödata shall be investigated in relation to security measures, whereas the municipalities shall be examined for his or her information dealing with practices, with specific concentrate on kids’s information, protected id topics, and former staff.
Extra entities could also be investigated sooner or later, however there aren’t any such plans for now.
Though no ransomware teams had claimed the assault when Miljödata disclosed the incident, BleepingComputer discovered that the menace group Datacarry posted the stolen information on its darkish internet portal on September 13.
Supply: BleepingComputer
The menace actors, who listing an extra 12 victims on their web site, present a 224MB archive with information allegedly stolen from Miljödata.
Have I Been Pwned has additionally added to its database the leaked Miljödata info, which comprises names, electronic mail addresses, bodily addresses, telephone numbers, authorities IDs, and dates of delivery.
The data breach alerting service experiences that the leaked information corresponds to 870,000 folks, which is roughly half the determine offered by IMY.
It is price range season! Over 300 CISOs and security leaders have shared how they’re planning, spending, and prioritizing for the 12 months forward. This report compiles their insights, permitting readers to benchmark methods, establish rising tendencies, and examine their priorities as they head into 2026.
Find out how prime leaders are turning funding into measurable impression.
