It is primarily because it's about what type of information they actually had access to and then what type of information they may have taken with them. And in a third step, if there is any information that has been spread further. None of these steps are currently confirmed, says Jennie Everhed.
The data breach was discovered on Thursday morning and led to the system being shut down. Who or those behind the attack, which is an ongoing police investigation and has also been reported to the Integrity Protection Authority (IMY), is also unknown.
As much as we understand, they are professionals. But where they come from, what nationality, what they are after, if they belong to any particular group or similar – we have not been able to identify, says Jennie Everhed.
Payment function not affected
Sportadmin is used by approximately 1,700 sports associations in the country and has one million children and adults as members. It is used, among other things, to administer training sessions and association information. There is also a payment function, which is said to have been spared.
Just when it comes to payment functions, we have external suppliers who help us with those functions, and they are not affected by the data breach, says Jennie Everhed.
What we have primarily made progress with during the day is what concerns the legal process. We have had ongoing dialogue with IMY, to be able to assist our associations with the information that must be sent out to the registered, according to GDPR legislation.
"Everything will be restored"
On Saturday, the app was again available, and gradually more functions have come online.
Everything will be restored. However, I dare not give any prognosis for when everything will be as it was before we shut it down on Thursday, says Jennie Everhed.
Associations are advised to be extra vigilant about contact attempts from unknown email users or phone numbers.
