Miljödata Data Breach (2025)

"Sweden's municipal governments have been knocked offline after ransomware crooks hit IT supplier Miljödata, reportedly demanding the bargain-basement sum of $168,000. Miljödata runs HR, sick leave, and incident reporting systems for approximately 80 percent of Sweden's municipalities, making it a juicy single point of failure. Over the weekend, those systems went dark, leaving councils from Gotland and Halland to Karlstad and Skellefteå unable to access key services. Miljödata CEO Erik Hallén confirmed on August 25 that the disruption was the result of a cyberattack, stating that the intrusion had affected 200 of Sweden's 290 municipalities, while local cosp have confirmed that the attackers responsible had demanded, er, 1.5 Bitcoin to keep the data under wraps. "Local media outlets report that sensitive data may already have been accessed, and the Gotland region warned that the attack "may have resulted in sensitive personal data being leaked." Precisely what information is at risk remains unclear, though Gotland states that it uses the software for handling employee data, including medical certificates, rehabilitation plans, and work-related injuries. Sweden's municipal governments have been knocked offline after ransomware crooks hit IT supplier Miljödata, reportedly demanding the bargain-basement sum of $168,000. Miljödata runs HR, sick leave, and incident reporting systems for approximately 80 percent of Sweden's municipalities, making it a juicy single point of failure. Over the weekend, those systems went dark, leaving councils from Gotland and Halland to Karlstad and Skellefteå unable to access key services. Miljödata CEO Erik Hallén confirmed on August 25 that the disruption was the result of a cyberattack, stating that the intrusion had affected 200 of Sweden's 290 municipalities, while local cosp have confirmed that the attackers responsible had demanded, er, 1.5 Bitcoin to keep the data under wraps. If the price tag sounds oddly low, that's because it is. At current exchange rates, 1.5 BTC amounts to roughly $168,000, a fraction of the multimillion-dollar sums typically associated with big-ticket ransomware campaigns. Hospitals, energy firms, and even city transport systems have faced extortion notes ten times higher. Whoever is behind this one seems to be thinking small, either because they don't know what they've got or they're hoping the modest ask will increase the chances of someone quietly paying up. Local media outlets report that sensitive data may already have been accessed, and the Gotland region warned that the attack "may have resulted in sensitive personal data being leaked." Precisely what information is at risk remains unclear, though Gotland states that it uses the software for handling employee data, including medical certificates, rehabilitation plans, and work-related injuries. Miljödata, for its part, says there is "no evidence to suggest" that data has been stolen, according to one university that uses the company's software. What is clear is the widespread disruption. Councils have admitted that staff have been locked out of Miljödata's platforms, while police and Sweden's CERT-SE have been called in to deal with the issue. Although no ransomware groups had claimed the attack when Miljödata disclosed the incident, BleepingComputer found that the threat group Datacarry posted the stolen data on its dark web portal on September 13."