On Tuesday, Sweden’s prosecution authority announced that the personal data of 1.5 million people had been leaked online after a cyberattack on an IT systems provider.
Swedish media reported that numerous town and city councils, as well as private companies, were affected by the breach. The number of individuals targeted represents nearly 15% of Sweden’s total population of 10.6 million.
In a statement, the prosecution authority confirmed that the attack against systems provider Miljodata occurred over the weekend of August 23-24. “The data stolen in connection with the attack on the system supplier has now been leaked. This concerns data belonging to more than 1.5 million private individuals,” said prosecutor Sandra Helgadottir, adding that an investigation is ongoing.
Helgadottir stated that a group calling itself “Datacarry” has claimed responsibility for the breach, and the investigation is focused on identifying the person or people responsible. “There is currently no evidence to suggest the involvement of a foreign power,” she added.
Swedish media had previously reported that the hackers had demanded 1.5 bitcoin (approximately $170,000) in exchange for not releasing the data. Over the weekend, Miljodata confirmed that the data had been published on the darknet. The company specified that the leaked data included names, addresses, and contact details.
The Swedish Authority for Privacy Protection reported in late August that it had received 250 reports from affected parties. The authority stated that at least 164 municipalities and four regional authorities were impacted by the attack.
Public broadcaster SVT said that employees, particularly in the city of Gothenburg, were affected by the hack. Additionally, several private companies saw their data compromised, including truck manufacturer Volvo, airline SAS, and airplane engine maker GKN Aerospace.
