NextFin news: On Sunday, September 14, 2025, a hacker group named Datacarry published personal data of more than one million Swedish individuals on the dark web. The data leak followed a cyberattack in late August against Miljödata, a system provider that supplies HR systems to approximately 80 percent of Sweden's municipalities.
The stolen information includes personal identity numbers, phone numbers, addresses, and employment IDs of current and former employees in various municipalities and regions, including Stockholm, Region Skåne, Linköping, and Gothenburg. The breach affects both public sector employees and some private organizations connected to Miljödata's systems.
Cybersecurity expert Karl Emil Nikka, from the Swedish Theft Protection Association, told SVT Nyheter that the main risk now is that attackers will use the leaked data to contact individuals and attempt to deceive them into revealing further information. He emphasized that once data is leaked, it must be considered compromised regardless of any ransom demands.
The hacker group Datacarry claimed responsibility for the attack on Saturday and threatened to release the data on Sunday, which they subsequently did. They had demanded a ransom of 1.5 bitcoins, valued at over 1.6 million Swedish kronor in mid-September, from Miljödata to prevent the publication of the data. However, experts consider it unlikely that the company would pay the ransom.
Miljödata, which provides digital HR solutions for managing sick leave and work-related injuries, reported the incident to authorities and is cooperating with cybersecurity firm Truesec and the police in the ongoing investigation. The breach has also prompted warnings for affected individuals to be vigilant against potential fraud and phishing attempts.
The cyberattack has been described as one of the larger data breaches in recent years in Sweden, affecting approximately 200 organizations nationwide. The Swedish Civil Defence Minister confirmed that the national cybersecurity center is coordinating the response to the incident.
Individuals who are or have been employed by the affected municipalities and regions are advised to be cautious of unsolicited contacts and to report suspicious communications. SVT Nyheter has verified the authenticity of the leaked data through screenshots and confirmed identities of several individuals.
