A significant data breach at Miljödata has exposed sensitive personal information of 1.5 million individuals, including health and personal issues, on the darknet. The breach, affecting several Swedish municipalities and companies, poses a heightened risk of fraud. Authorities are investigating the attack, claimed by a group named 'Datacarry'.
Massive Data Breach Exposes Sensitive Employee Information on Darknet
Sensitive Information Leaked on Darknet
Diseases, addictions, and relationship problems. The data leaked from Miljödata contains highly sensitive information about employees. Now, there is a risk that this information will be widely used in fraud attempts.
At the end of August, the system provider Miljödata suffered a major data breach.
The company's services are used by several municipalities, authorities, and companies across the country to manage various employee data.
Prosecutors estimate that information concerning 1.5 million individuals is included in the leak.
After a failed extortion attempt, the information has now been published on the darknet.
Sensitive Information
To a large extent, it seems to involve personal data such as personal identification numbers, phone numbers, and addresses. However, the security company Skimsafe, which is reviewing the data, told Expressen that very sensitive information about employees is also among the data.
– Our technicians have discovered very sensitive journal notes about a large number of individuals in Sweden, says Carl Martinsson, a security expert at Skimsafe.
So far, several thousand such notes have been found about former employees at Volvo Cars, as previously reported by Göteborgs-Posten.
These include panic attacks and sick leaves. Others mention difficult divorces and addiction issues.
– It is terrible for those affected. We will assist the police and the Data Protection Authority with the material we have, says Carl Martinsson.
How the Information is Used
The company also offers a service to check if you are included in the leak.
As a private individual, the advice from both experts and prosecutors is to be extra vigilant about potential fraud attempts.
– Fraudsters can now possess very sensitive information about you and may appear much more credible in contact attempts.
Prosecutor Sandra Helgadottir, who leads the investigation, states in a press release that a group calling itself 'Datacarry' has claimed responsibility for the attack.
– The investigation is focused on identifying the person or persons behind it. There is currently no indication of foreign power involvement, she further states.
Volvo Cars' press chief Magnus Holst tells Expressen that they do not use Miljödata as a provider for their employees.
"However, when the separate company Power Engineering was formed in 2021 (which later became Aurobay), Power Engineering/Aurobay acquired Miljödata as a provider. In connection with this, a data export was made from Volvo Cars' corresponding system to Miljödata and Aurobay for the affected employees. The employees had not yet received Aurobay email addresses at the time of the data transfer, so the data was linked to Volvo Cars addresses. In 2022, Volvo Cars divested Aurobay," he writes in an email to Expressen.
He writes that Volvo Cars stores "relevant information of this type" during the time an employee is employed by the company. After one year, the information is deleted.
"This is because we are obliged to document illness and rehabilitation plans to demonstrate that we have fulfilled our rehabilitation responsibility as an employer," Holst further writes.
According to Holst, the information they store is only accessible to a "limited number of people," and he writes that the information is handled according to current regulations.