Miljödata (affecting City of Stockholm)

A cyberattack on Miljödata, an HR system provider used by Swedish municipalities, resulted in a massive breach exposing the personal data of over 40,000 City of Stockholm employees across 300+ occupations. The leaked information includes names, personal identity numbers, phone numbers, email addresses, and employment IDs. While the full extent of the breach is still under investigation by Truesec and law enforcement, initial reports confirm the data was accessed by an unauthorized attacker. Employees with special security protections were unaffected, as their data was stored separately.

The breach mirrors a prior incident in Finland (April 2024), where attackers demanded a 1.5 Bitcoin ransom (~€143,000) to prevent data release. Though no ransom demand has been publicly linked to this attack, authorities warn of potential fraudulent misuse of the leaked personal information. The City of Stockholm has alerted affected employees about risks such as identity theft and phishing attacks, while the investigation remains ongoing to determine if additional sensitive data was compromised.

Source: https://www.helsinkitimes.fi/world-int/27877-data-breach-hits-40-000-stockholm-city-employees.html

TPRM report: https://www.rankiteo.com/company/miljodata-ab

"id": "mil5393653090925",
"linkid": "miljodata-ab",
"type": "Breach",
"date": "4/2024",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'customers_affected': '40,000+ employees',
                        'industry': 'Public Administration',
                        'location': 'Stockholm, Sweden',
                        'name': 'City of Stockholm',
                        'size': '40,000+ employees',
                        'type': 'Government (Municipality)'},
                       {'industry': 'HR Systems/Software',
                        'location': 'Sweden',
                        'name': 'Miljödata',
                        'type': 'Private Company'}],
 'data_breach': {'data_exfiltration': 'Yes',
                 'number_of_records_exposed': '40,000+',
                 'personally_identifiable_information': ['Names',
                                                         'Personal Identity '
                                                         'Numbers',
                                                         'Phone Numbers',
                                                         'Email Addresses',
                                                         'Employment IDs'],
                 'sensitivity_of_data': 'High (includes national identity '
                                        'numbers)',
                 'type_of_data_compromised': ['Personally Identifiable '
                                              'Information (PII)']},
 'date_detected': 'Late August 2024',
 'date_publicly_disclosed': '2024-09-03T00:00:00Z',
 'description': 'A cyberattack on Swedish HR system provider Miljödata '
                'resulted in the personal data leak of all City of Stockholm '
                'employees (over 40,000 individuals across 300+ occupations). '
                'The compromised data includes names, personal identity '
                'numbers, phone numbers, email addresses, and employment IDs. '
                'The breach is under investigation by law enforcement and '
                'cybersecurity firm Truesec. Attackers reportedly demanded a '
                'ransom of 1.5 Bitcoin (~€143,000) in a similar incident, but '
                "the Stockholm breach's ransom details remain unconfirmed. "
                'Employees were warned of potential fraudulent misuse of their '
                'data.',
 'impact': {'brand_reputation_impact': 'High (municipal employees at risk of '
                                       'identity fraud)',
            'data_compromised': ['Names',
                                 'Personal Identity Numbers',
                                 'Phone Numbers',
                                 'Email Addresses',
                                 'Employment IDs'],
            'identity_theft_risk': 'High',
            'payment_information_risk': 'No (payment data not mentioned as '
                                        'compromised)',
            'systems_affected': ['Miljödata HR System']},
 'initial_access_broker': {'high_value_targets': ['HR system databases']},
 'investigation_status': 'Ongoing (led by Truesec and law enforcement)',
 'motivation': ['Financial Gain (presumed)', 'Data Theft'],
 'ransomware': {'data_exfiltration': 'Yes',
                'ransom_demanded': '1.5 Bitcoin (~€143,000) in a similar '
                                   'Finnish incident (unconfirmed for '
                                   'Stockholm)'},
 'references': [{'source': 'Mitti Newspaper'},
                {'date_accessed': 'Late August 2024',
                 'source': 'Blekinge Läns Tidning'},
                {'source': 'HT (Article Source)'}],
 'regulatory_compliance': {'regulations_violated': ['Potential GDPR violations '
                                                    '(EU)']},
 'response': {'communication_strategy': ['Internal employee notifications',
                                         'Public disclosure via media'],
              'incident_response_plan_activated': 'Yes (investigation ongoing)',
              'law_enforcement_notified': 'Yes',
              'third_party_assistance': ['Truesec (cybersecurity firm)']},
 'stakeholder_advisories': 'Internal communication to City of Stockholm '
                           'employees warning of identity fraud risks',
 'title': 'Data Breach at Miljödata Affecting City of Stockholm Employees',
 'type': ['Data Breach', 'Cyberattack']}