Major Data Breach Exposes Swedish Government IT Systems and Digital Identity Infrastructure

A cyberattack has exposed source code and sensitive personal data from Swedish government IT systems, affecting digital identity platforms and prompting confirmations from cybersecurity authorities.

    Key details

  • Hacker group ByteToBreach leaked source code of Sweden’s e-governance platform.
  • Databases containing personal citizen data and credentials were compromised.
  • The breach involves vulnerabilities in CGI Sweden’s digital infrastructure.
  • Cert-SE confirmed the incident but stated no impact on production systems.

A significant cyberattack has resulted in the leak of critical source code and sensitive personal data from Swedish government IT systems, raising concerns about the security of the country's digital infrastructure.

The hacker group ByteToBreach has publicly released the complete source code of Sweden's e-governance platform, which includes systems used for digital identity management and Bank-ID logins across multiple agencies including the Swedish Tax Agency. Alongside the source code, databases containing personal information, email passwords, electronic signing documents, and configuration data for digital identity and e-signature portals were compromised. The group exploited vulnerabilities within CGI Sweden’s digital infrastructure, which manages key digital services for Swedish authorities, according to reports.

The leaked materials also reportedly include access credentials and encryption keys necessary for operating closed government systems. The data breach has been discussed extensively on cybercriminal forums, highlighting the severity of the incident. ByteToBreach has made the source code freely available for download while offering the personal data and other sensitive information for sale, a combination that underscores the exposure of trust anchors and identity solutions foundational to Sweden's digital state.

Cert-SE, Sweden's authority for IT security incident management, acknowledged the incident but clarified that the affected systems were two internal test servers not connected to production environments. Gustaf Nilsson, spokesperson for Cert-SE, emphasized that there is no evidence of impact on production environments, operational services, or production data for customers.

This cybersecurity breach follows a pattern of attacks by the same hacker group, which recently leaked passenger data from Viking Line. Efforts to gain direct comment from the implicated IT company are ongoing.

The incident highlights critical vulnerabilities in governmental digital infrastructure and raises pressing questions about data protection and digital identity security for Swedish citizens and public authorities alike.

This article was translated and synthesized from Swedish sources, providing English-speaking readers with local perspectives.

Source comparison

Identity management system

Sources report different systems affected by the breach

expressen.se

"the complete source code of Sweden's e-governance platform has been leaked"

dn.se

"the source code for a digital identity management system related to secure logins via Bank-ID has been leaked"

Why this matters: One source claims the breach involves Sweden's e-governance platform, while the other mentions a digital identity management system used for secure logins via Bank-ID. This discrepancy is significant as it affects the understanding of which specific systems are compromised in the breach.
