Cyber Attack cyber

Miljodata

Jan 12, 2026 2 min read
Miljodata

Sweden's IT systems provider Miljodata suffered a severe cyberattack over the weekend of August 23rd–24th, 2024, resulting in the leak of personal data belonging to 1.5 million individuals nearly 15% of Sweden’s population. The compromised data, published on the dark web, included names, addresses, personal identification numbers, and contact details. The attack impacted 164 municipalities, four regional authorities, and multiple private companies, including Volvo, SAS, and GKN Aerospace, with Gothenburg employees particularly affected. A hacker group called Datacarry claimed responsibility, initially demanding 1.5 bitcoin (~$170,000) before leaking the data. While no foreign state involvement was confirmed, the breach triggered 250 reports to Sweden’s Privacy Protection Authority. The incident exposed sensitive personal information on a mass scale, raising concerns over identity theft, fraud, and long-term reputational damage for both the provider and affected organizations. Investigations remain ongoing to identify the perpetrators.

Source: https://www.thelocal.se/20250916/personal-data-of-1-5-million-people-leaked-in-swedish-data-breach?gaa_at=eafs&gaa_n=ASWzDAg852HsOg8JiT4S1Cbunq5u__WLpdRxJn4Dl72t8f9JqJNDMOJCk2Js&gaa_ts=68c95a82&gaa_sig=6ZJ-oYpaBaUaFtR90ee1UgbLo5V1iRn-XuP0U4G_Ji8xxkZSI5XL4JrlDDfryNER707fi77q95WxCvB9drvb3Q%3D%3D

TPRM report: https://www.rankiteo.com/company/miljodata-ab

"id": "mil1533015091625",
"linkid": "miljodata-ab",
"type": "Cyber Attack",
"date": "6/2024",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'customers_affected': '1,500,000 individuals',
                        'industry': 'Information Technology',
                        'location': 'Sweden',
                        'name': 'Miljodata (IT Systems Provider)',
                        'type': 'Private Company'},
                       {'industry': 'Public Administration',
                        'location': 'Sweden (including Gothenburg)',
                        'name': '164 Municipal Councils',
                        'type': 'Government'},
                       {'industry': 'Public Administration',
                        'location': 'Sweden',
                        'name': '4 Regional Authorities',
                        'type': 'Government'},
                       {'industry': 'Automotive',
                        'location': 'Sweden',
                        'name': 'Volvo',
                        'type': 'Private Company'},
                       {'industry': 'Aviation',
                        'location': 'Sweden',
                        'name': 'SAS (Scandinavian Airlines)',
                        'type': 'Private Company'},
                       {'industry': 'Aerospace',
                        'location': 'Sweden',
                        'name': 'GKN Aerospace',
                        'type': 'Private Company'}],
 'data_breach': {'data_exfiltration': 'Yes (published on dark web)',
                 'number_of_records_exposed': '1,500,000',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High (includes personal '
                                        'identification numbers)',
                 'type_of_data_compromised': ['Personally Identifiable '
                                              'Information (PII)',
                                              'Contact Details']},
 'date_detected': '2024-08-23',
 'date_publicly_disclosed': '2024-08-27',
 'description': "Sweden's prosecution authority announced that a cyberattack "
                'on IT systems provider Miljodata resulted in the leak of '
                'personal data belonging to 1.5 million individuals '
                "(nearly 15% of Sweden's population). The attack occurred on "
                'August 23rd–24th, 2024, with the stolen data later '
                'published on the dark web. The hacker group Datacarry '
                'claimed responsibility and demanded 1.5 bitcoin '
                '(~$170,000). Affected entities include 164 '
                'municipalities, 4 regional authorities, and private '
                'companies such as Volvo, SAS, and GKN Aerospace. The leaked '
                'data includes names, addresses, personal identification '
                'numbers, and contact details. Investigations are ongoing, '
                'with no evidence of foreign state involvement.',
 'impact': {'brand_reputation_impact': 'High (affecting public and private '
                                       'sectors, including major corporations)',
            'customer_complaints': '250 reports to Swedish Authority for '
                                   'Privacy Protection',
            'data_compromised': ['Names',
                                 'Addresses',
                                 'Personal Identification Numbers',
                                 'Contact Details'],
            'identity_theft_risk': 'High (personal identification numbers '
                                   'exposed)'},
 'initial_access_broker': {'data_sold_on_dark_web': 'Yes (published by '
                                                    'Datacarry)',
                           'high_value_targets': ['Municipal data',
                                                  'Corporate employee data']},
 'investigation_status': 'Ongoing (focused on identifying individuals in '
                         'Datacarry group)',
 'motivation': 'Financial Gain (ransom demand)',
 'ransomware': {'data_exfiltration': 'Yes',
                'ransom_demanded': '1.5 bitcoin (~$170,000 / ~1.1 million '
                                   'SEK)'},
 'references': [{'date_accessed': '2024-08-27',
                 'source': 'Swedish Prosecution Authority Statement'},
                {'date_accessed': '2024-08-27',
                 'source': 'SVT (Swedish Public Broadcaster)'},
                {'date_accessed': '2024-08-27',
                 'source': 'Swedish Authority for Privacy Protection'}],
 'regulatory_compliance': {'regulatory_notifications': 'Swedish Authority for '
                                                       'Privacy Protection '
                                                       '(250 reports filed)'},
 'response': {'communication_strategy': 'Public disclosure via prosecution '
                                        'authority and media',
              'incident_response_plan_activated': 'Yes (investigation ongoing)',
              'law_enforcement_notified': 'Yes (Swedish Prosecution Authority '
                                          'leading investigation)'},
 'threat_actor': 'Datacarry (hacker group)',
 'title': 'Data Breach Affecting 1.5 Million Individuals in Sweden via IT '
          'Provider Miljodata',
 'type': ['Data Breach', 'Cyber Extortion']}
Published by
Jeremy C
Jeremy C
You might also like
Cyber Attack cyber

Protei

public 1 min read
Protei, a Russian telecom company specializing in surveillance and web-filtering technologies (including deep packet inspection systems), suffered a cyber breach…
Jeremy C Jeremy C
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.