A significant data breach has exposed the personal information of hundreds of thousands of Swedes, including those with protected identities, on the darknet. The breach, resulting from a cyberattack on system provider Miljödata, raises concerns about identity theft and the security of sensitive data.
Massive Data Breach Exposes Sensitive Information of Swedish Citizens
Massive Data Breach Exposes Sensitive Information of Swedish Citizens
Hundreds of thousands of Swedes' personal data have been published on the darknet in an unusually large leak. Information about at least 200 individuals with protected identities has also been exposed, reports TV4 Nyheterna.
The data leaked following a cyberattack on system provider Miljödata, which supplies HR systems to a large portion of Sweden's municipalities. The stolen information includes personal identification numbers, phone numbers, and addresses of hundreds of thousands of municipal employees across the country.
Pontus Johnson, a professor at KTH and cybersecurity expert, describes it as a very large leak.
– However, it seems that much of the information was already known and available on the internet, which makes the problem less severe.
– Nevertheless, it is often the case that one does not know exactly what information has leaked, and later it emerges that sensitive data was included, he continues.
Such information could include personal data for people with protected identities. These individuals should not be in Miljödata's system. However, Johnson warns that their information may have leaked anyway, as it often happens.
Protected Information Appears to Have Leaked
And this seems to have occurred. Tech entrepreneur Jens Nylander has found information on at least 200 people with protected data, he tells TV4 Nyheterna.
He has so far only reviewed the material leaked from Stockholm city and not the rest of the country.
– I did random checks on individual cases and can confirm that if one has a protected address, that address should not be known. But in this leaked material from what is claimed to be Stockholm city, the address is clear.
Stockholm city has previously denied sharing protected personal data with Miljödata, according to TV4 Nyheterna.
Warning: Risk of Identity Theft
The leak poses an increased risk of identity theft, says Pontus Johnson.
– It is difficult for an individual to do much unless they want to change their name or address.
However, most of the data is already available on the internet on sites like Eniro and Ratsit, which means the risk of identity theft is not significantly higher than usual.
Russian Hacker Groups
The hacker group Datacarry has claimed responsibility for the attack, reports SVT.
Pontus Johnson is not familiar with the group but notes that the hacker environment is dynamic, with similar groups often changing both names and members.
– Most operate from Russia and are quite professional. They do this to make money, he says.
The breach in Miljödata was discovered on August 23, and the hackers have since threatened to publish the data. According to reports, they demanded 1.5 bitcoin – equivalent to 1,600,000 SEK – to not leak the information.