The extortion group threatened to publish information just on Sunday, reported TV4 News on Saturday. IT security expert Karl Emil Nikka from Stöldskyddsföreningen has now made a sample check of the published data to verify that it actually matches.
I check if the information I find in the database matches what I can find publicly, he says to TT.
No protected information
The information includes, among other things, personal identity numbers, phone numbers, addresses, and employment IDs. Individuals with protected information were not in Miljödata's system and have not been disclosed.
This makes it a little less serious, he says and adds:
This is a huge data leak with hundreds of thousands of individuals' personal data that has leaked, but it seems that it is mainly public information.
The leak means, however, that there are now contact details in the form of email addresses and phone numbers.
There is now an increased risk of phishing attacks.
Scaring the victims
The attackers first demanded payment not to publish the personal data. Karl Emil Nikka says that they are professional attackers who have a reputation that they need to maintain.
They scare the victims with their previous history. They have not leaked this particular data to make money from it, but to be able to make money when they extort the next victim.
It was on August 23 that parts of Miljödata were subjected to an IT attack. 80 percent of Sweden's municipalities use the supplier, and the system handles, among other things, labor law cases, rehabilitation cases, as well as handling of work injuries and incidents.
Jonas Axelson, IT and information security consultant at CAG Security, also confirms to TT that the data has been published.
