A serious data breach at Swedish IT company Miljödata has put the personal information of more than 1.5 million people at risk, leading the Swedish Data Protection Authority (IMY) to open a major investigation.
The incident, which occurred at the end of August, involved attackers stealing large amounts of personal data and subsequently publishing it on the Darknet.
Authorities believe sensitive and private details are among the leaked information, affecting a significant portion of Sweden’s population.
IMY Launches GDPR Inspections
In response to the breach, IMY has initiated inspections to examine whether Miljödata and several public sector organizations complied with General Data Protection Regulation (GDPR) requirements.
The investigations target Miljödata, the City of Gothenburg, Älmhult Municipality, and Region Västmanland, all of which relied on Miljödata’s IT services for handling personal data.
IMY has made contact with Miljödata and the affected organizations since the cyberattack, aiming to understand exactly what data was impacted and how the breach occurred.
Jenny Bård, head of unit at IMY, stated that this leak exposed sensitive information for a vast number of individuals.
She emphasized the importance of examining the company’s security measures and the types of personal information stored.
The investigation seeks to uncover shortcomings in data protection, identify how such a massive leak could happen, and learn valuable lessons to prevent future incidents.
IMY’s audit of Miljödata will primarily address security concerns related to the breach.
Inspectors will assess how the attack was possible, what security protocols were in place, and whether Miljödata followed industry best practices.
Attention will be paid to whether the systems protect data belonging to persons with protected identities, former employees, and children.
Inspections of the region and municipalities focus on their responsibilities and practices while handling personal data within Miljödata’s systems.
Investigators will determine what specific data was stored, who it belonged to, and whether proper data protection measures were observed.
This includes checking records about individuals who should have been removed from the systems, such as people with protected identities or children.
While IMY is currently concentrating on Miljödata and three public sector entities, it has not ruled out extending its inspections to other organizations involved.
The breadth of the impact suggests there could be further reviews if additional risks are found.
The Miljödata incident has raised pressing questions throughout Sweden about cybersecurity, responsible data management, and the security of public sector IT services.
IMY’s actions demonstrate a commitment to protecting citizens and ensuring accountability following major data breaches.