The three customers are the City of Gothenburg, Älmhult Municipality and Region Västmanland.
It was at the end of August that the system provider Miljödata was subjected to an IT attack, resulting in data on 1.5 million people being published on the Darknet.
"The leak raises a number of questions about what security has been like and what types of personal data have been in the systems. It is central for us to investigate any shortcomings that can provide lessons for the future," says IMY's head of unit Jenny Bård in a press release.
80 percent of Sweden's municipalities use the supplier and the system handles, among other things, labor law matters and rehabilitation matters.
The incident is being investigated as a serious data breach and attempted aggravated extortion.
