On September 1, a week after the cyberattack against the system supplier Miljödata, John Billow became the head of Sweden's national cybersecurity center.
"Our assessment is that it is serious," he says about the leak.
It is based on a number of factors: the amount of data that has been published, that large amounts of personal data have been leaked, and that we have seen that it also includes protected personal data and information about people who are part of sensitive activities.
It has also been leaked in structured form, which makes it possible to obtain comprehensive information about a specific organization and all its employees.
Were you surprised that this could happen in Sweden in 2025?
Unfortunately not. We have seen several similar types of attacks.
We also know that there are deficiencies in cybersecurity among organizations in Sweden, even in activities that are of more critical importance.
Basic deficiencies
How could it happen?
Generally, we see that there can be basic deficiencies in how you handle accounts and permissions, how you update systems, what IT architecture you have, what software you have, and how you control your internet access and so on.
Will it happen again?
Cybersecurity work is continuous work. It's not something you get done with, because technology is updated, software is updated, and vulnerabilities are discovered that make you constantly need to adjust and work with security. If you don't have that systematic approach in your work, vulnerabilities will arise again in the long run.
Threat actors one step ahead
The so-called threat actors are always one step ahead in seeing where the vulnerabilities are, according to John Billow.
Therefore, the business must also constantly update itself. If you don't, there is a risk that it will happen again.
How can customers, for example municipalities, protect themselves against cyberattacks against a system supplier?
This illustrates the complexity that exists because we have outsourced a lot of activities to other actors. There are sometimes subcontractors in several stages, which means it affects those further up the chain.
This places high demands on those who procure, to both make the right demands based on the type of information that is to be handed over and the service to be purchased.
On August 23, an IT attack was carried out against the system supplier Miljödata, whose customers include, among others, 80 percent of the municipalities.
Regions, authorities, and private companies also use Miljödata's systems for handling, among other things, labor law cases, rehabilitation cases, as well as handling work injuries and incidents.
The group behind the cyberattack gained access to information about over 1.5 million people.
This includes, for example, personal identity numbers, phone numbers, addresses, email addresses, employment IDs, as well as profession and position.
On September 14, the information was published on the darknet.
The incident is being investigated as gross data intrusion and attempted gross extortion.