Massive Data Breach: Swedish Personal Data Leaked on Darknet

The personal data of hundreds of thousands of Swedes, leaked from system provider Miljödata, has now been published on the darknet, according to IT security expert Karl Emil Nikka.

– There is now an increased risk of phishing attacks.

The extortion group threatened to release the information on Sunday, as reported by TV4 News on Saturday. IT security expert Karl Emil Nikka from the Swedish Theft Protection Association has conducted spot checks on the published data to verify its authenticity.

– I check if the information I find in the database matches what I can find publicly, he tells TT.

No Protected Information

The data includes personal identification numbers, phone numbers, addresses, and employment IDs. Individuals with protected information were not in Miljödata's system and have not been exposed.

– This makes it slightly less serious, he says, adding:

– This is a massive data leak involving the personal information of many hundreds of thousands of individuals, but it seems to be primarily public information.

However, the leak means that contact information such as email addresses and phone numbers is now available.

– There is now an increased risk of phishing attacks.

Intimidating the Victims

The attackers initially demanded payment to prevent the release of personal data. Karl Emil Nikka says that these are professional attackers with a reputation to maintain.

– They intimidate victims with their previous history. They have not leaked this data to profit from it directly but to make money when they extort the next victim.

On August 23, parts of Miljödata were subjected to a cyberattack. 80 percent of Sweden's municipalities use the provider, and the system handles labor law cases, rehabilitation cases, and the management of work injuries and incidents.

Jonas Axelson, IT and information security consultant at CAG Security, also confirms to TT that the data has been published.