A major data breach in Sweden resulted in the theft of personal information belonging to over **1.5 million citizens**, accounting for nearly **15% of the country’s population**. The attack, attributed to the hacker group **Datacarry**, targeted regional administrations, municipalities, and corporations, including **Volvo** and the airline **SAS**. Compromised data included **names, addresses, contact details of employees and citizens**, as well as sensitive corporate information. The attackers demanded a ransom of **1.5 bitcoin (~€147,000)** for data recovery. Swedish prosecutors confirmed no evidence of state-sponsored involvement, but the scale of the breach—affecting both public and private sectors—raises severe concerns over systemic vulnerabilities. The incident highlights risks to **national data security, corporate espionage, and citizen privacy**, with potential long-term reputational and operational damages for affected entities like Volvo, whose proprietary and employee data were exposed.
TPRM report: https://www.rankiteo.com/company/volvo-group
"id": "vol2832328091725",
"linkid": "volvo-group",
"type": "Ransomware",
"date": "9/2025",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of geographical region"{'affected_entities': [{'customers_affected': '1,500,000+ (citizens and '
'employees)',
'industry': 'public administration',
'location': 'Sweden',
'name': 'Communes suédoises',
'type': 'government (local)'},
{'customers_affected': '1,500,000+ (citizens and '
'employees)',
'industry': 'public administration',
'location': 'Sweden',
'name': 'Administrations régionales suédoises',
'type': 'government (regional)'},
{'industry': 'automotive',
'location': 'Sweden',
'name': 'Volvo',
'type': 'private company'},
{'industry': 'aviation',
'location': 'Sweden',
'name': 'SAS (Scandinavian Airlines)',
'type': 'private company'}],
'data_breach': {'data_exfiltration': True,
'number_of_records_exposed': '1,500,000+',
'personally_identifiable_information': True,
'sensitivity_of_data': 'high',
'type_of_data_compromised': ['personally identifiable '
'information (PII)',
'employee data',
'corporate data']},
'description': 'Les informations personnelles de plus d’1,5 million de '
'citoyens suédois (15 % de la population) ont été volées. Les '
'pirates ont exigé une rançon de 1,5 bitcoin (≈ 147 000 €). '
'Des communes, administrations régionales, ainsi que des '
'entreprises comme Volvo et SAS, ont été touchées. Les données '
'compromises incluent noms, adresses et coordonnées d’employés '
'et de citoyens. L’attaque a été revendiquée par le groupe '
'**Datacarry**, sans implication apparente d’une puissance '
'étrangère selon les procureurs suédois.',
'impact': {'brand_reputation_impact': "high (affecting 15% of Sweden's "
'population and major companies)',
'data_compromised': ['noms',
'adresses',
'coordonnées (employés et citoyens)',
"données d'entreprises (Volvo, SAS)"],
'identity_theft_risk': 'high'},
'initial_access_broker': {'high_value_targets': ['government databases',
'corporate data (Volvo, '
'SAS)']},
'investigation_status': 'ongoing (no evidence of foreign state involvement)',
'motivation': 'financial (ransomware)',
'ransomware': {'data_exfiltration': True,
'ransom_demanded': '1.5 BTC (≈ 147,000 EUR)'},
'references': [{'source': 'Swedish Prosecution Authority (media reports)'}],
'response': {'law_enforcement_notified': True},
'threat_actor': 'Datacarry',
'title': 'Importante fuite de données en Suède affectant 1,5 million de '
'citoyens',
'type': ['data breach', 'ransomware']}