Swedish Authority Investigates Major Data Leak Impacting 1.5 Million Citizens

The Swedish Privacy Protection Authority (IMY) has initiated a comprehensive investigation into a significant data leak affecting approximately 1.5 million individuals. This follows a ransomware attack in August on the IT supplier Miljödata, which led to the exfiltration and subsequent publication of extensive personal data on the darknet.

The breach highlights vulnerabilities within critical supply chains. Miljödata provides HR systems utilized by an estimated 80% of Swedish municipalities and various companies, as reported by Security.nl. The ransomware attack initially disrupted HR system access for around 200 Swedish municipalities and regions. Further analysis confirmed data theft, with published information reportedly including sensitive personal data.

IMY’s investigation will scrutinize potential security deficiencies at Miljödata that facilitated the breach. The inquiry also extends to the data handling practices of specific entities that utilized Miljödata’s services, including Göteborgs stad, Älmhults kommun, and Region Västmanland. Regulators are examining the types of personal data stored within the compromised systems, particularly focusing on information concerning individuals with protected identities, former employees, and children.

Jenny Bård, a unit manager at IMY, commented on the gravity of the situation, stating, “The Miljödata leak meant that a large part of Sweden’s population had their personal data published on the darknet, in many cases also sensitive data.” The investigation aims to identify any shortcomings that could provide valuable lessons to mitigate the risk of similar incidents in the future. The precise method by which the ransomware attack was executed has not been publicly disclosed by Miljödata.

The ongoing IMY investigation underscores the critical importance of robust cybersecurity measures for third-party IT suppliers, especially those managing sensitive public sector data. These measures are essential to safeguard citizen information and national infrastructure against evolving cyber threats.