IT system supplier cyberattack impacts 200 municipalities in Sweden
A cyberattack on Miljödata, an IT systems supplier for roughly 80% of Sweden’s municipal systems, has caused accessibility problems in more than 200 regions of the country.
In addition to the service disruption, there are concerns that attackers also stole sensitive data. Local media report that the threat actor demanded a ransom of 1.5 (currently around $168,000) Bitcoins from Miljödata in exchange for not leaking stolen information.
Miljödata is a Swedish software company that develops and provides work environment and HR management systems for municipalities, regions, and organizations.
Its systems are used by the majority of municipalities in Sweden to handle medical certificates, rehabilitation cases, occupational injuries, incident and work environment reporting, and systematic work environment management (SAM).
The attack occurred over the weekend, with Miljödata CEO Erik Hallén confirming on August 25 that more than 200 municipalities in Sweden have been impacted.
“We are working very intensively together with external experts to investigate what has happened, what and who has been affected, and to restore system functionality,” stated Hallén.
BleepingComputer was able to find announcements about the incident in the region of Halland Region, and also on Gotland Region, warning their citizens that “sensitive personal data may have been leaked.”
Other municipalities reported as impacted by Swedish media are Skellefteå, Kalmar, Karlstad, and Mönsterås.
Swedish minister for civil defence, Carl-Oskar Bohlin, stated on X that the incident is being evaluated to estimate its impact with the help of CERT-SE, and the police started an investigation.
“The scope of the incident has not yet been clarified, and it is too early to determine the actual consequences,” stated the minister.
At the time of writing, no ransomware groups have taken responsibility for the attack at Miljödata publicly.
The company’s website is currently offline and attempts to contact them indicate that email servers are down.
In January 2024, Swedish IT services and cloud hosting provider Tietoevry was hit by an Akira ransomware attack which impacted operations across a wide range of businesses and caused service outages on government organizations and universities.
