The Swedish Authority for Privacy Protection (IMY) is investigating a cyberattack on IT systems supplier Miljödata that exposed data belonging to 1.5 million people.
Miljödata is an IT systems supplier for roughly 80% of Sweden’s municipalities. The company disclosed the incident on August 25, saying that the attackers stole data and demanded 1.5 Bitcoin to not leak it.
The attack caused operational disruptions that affected citizens in multiple regions in the country, including Halland, Gotland, Skellefteå, Kalmar, Karlstad, and Mönsterås.
Because of the large impact, the state monitored the situation from the time of disclosure, with CERT-SE and the police starting to investigate immediately..
According to IMY, the attacker exposed on the dark web data that corresponds to 1.5 million people in the country, creating the basis for investigating potential General Data Protection Regulation (GDPR) violations.
“The Miljödata leak meant that a large portion of Sweden’s population had their personal data published on the Darknet — in many cases, even sensitive information,” stated IMY’s head, Jenny Bård.
“The leak raises a number of questions about the level of security and what types of personal data were stored in the systems.”
“Our main focus is to investigate any shortcomings that could provide lessons going forward, in order to reduce the risk of similar incidents happening again.”
Due to the extensive impact, IMY has decided to prioritize investigation targets in accordance to the criticality of their operations, limiting it to Miljödata, the City of Gothenburg, the Municipality of Älmhult, and the Region of Västmanland.
Miljödata will be investigated in relation to security measures, while the municipalities will be examined for their data handling practices, with particular focus on children’s data, protected identity subjects, and former employees.
Additional entities may be investigated in the future, but there are no such plans for now.
Although no ransomware groups had claimed the attack when Miljödata disclosed the incident, BleepingComputer found that the threat group Datacarry posted the stolen data on its dark web portal on September 13.
Source: BleepingComputer
The threat actors, who list an additional 12 victims on their website, provide a 224MB archive with data allegedly stolen from Miljödata.
Have I Been Pwned has also added to its database the leaked Miljödata information, which contains names, email addresses, physical addresses, phone numbers, government IDs, and dates of birth.
The data breach alerting service reports that the leaked data corresponds to 870,000 people, which is roughly half the figure provided by IMY.
Whether you’re cleaning up old keys or setting guardrails for AI-generated code, this guide helps your team build securely from the start.
Get the cheat sheet and take the guesswork out of secrets management.
