The extortion group threatened to publish information just on Sunday, as TV4 News has previously reported. IT security expert Karl Emil Nikka from Stöldskyddsföreningen has now made a sample check against the published data to verify that it actually matches.
I check if the information I find in the database matches what I can find publicly, he says to TT.
The information includes, among other things, personal identity numbers, phone numbers, addresses, and employment IDs. According to Karl Emil Nikka, it involves just over a million affected individuals.
This is a huge data leak with hundreds of thousands of individuals' personal data that has been leaked, but it seems that it is mainly public information, he says.
”Increased risk”
The leak means, however, that there are now contact details in the form of email addresses and phone numbers.
There is now an increased risk of phishing attacks.
Individuals with protected information were not in Miljödata's system and have not been disclosed, according to previous information. IT expert Jens Nylander says, however, to TV4 News that even protected information should be included in the leak.
He has been able to identify at least 200 individuals who have had their protected information disclosed.
It's obviously possible that it could be a large number of unreported cases, since there may be people here with fake information. It's a bit difficult to know at present. But it's not zero as previously claimed, he says to TV4.
Frightening the victims
The attackers initially demanded payment not to publish the personal data. Karl Emil Nikka says that it is professional attackers who have a reputation they need to maintain.
They frighten the victims with their previous history. They have not leaked this data to make money from it, but to be able to make money when they extort the next victim.
Jonas Axelson, IT and information security consultant at CAG Security, also confirms to TT that the data has been published.
It was on August 23 that parts of Miljödata were subjected to an IT attack. 80 percent of Sweden's municipalities use the supplier, and the system handles, among other things, labor law cases, rehabilitation cases, as well as handling of work injuries and incidents.