Vision Trade Union Suffers Major Data Breach Affecting 300,000 Individuals

On October 14, 2025, Vision, a prominent Swedish trade union, disclosed a significant data breach impacting approximately 300,000 individuals across Sweden. The breach originated from a cyberattack on Vision's website that occurred during September 27-28, 2025, where hackers exploited a feature in the union's membership application form to match personal identification numbers with corresponding address details from the government's personal address register (Spar).

The hackers used sequences resembling personal identification numbers to automatically extract sensitive information such as names and official registration data. Notably, individuals with protected identities were not affected. Vision identified that many of those compromised were born in the years 1981, 2000, 2007, and 2011. Importantly, no union membership information was disclosed in the breach.

The data breach was initially discovered when Vision received an unusually high invoice from Spar, raising suspicions that led to the investigation. Following the discovery, Vision promptly reported the incident to the Swedish Authority for Privacy Protection (Integritetskyddsmyndigheten) as mandated by regulations.

In response, Vision has sent informational letters to all affected individuals, advising them to stay vigilant against potential fraud attempts particularly via postal mail. The union expressed regret over the incident but emphasized that no direct action beyond caution is required from the recipients. Caroline Cederquist, Vision's press chief, underscored the seriousness of the breach and refrained from speculating about how the attack was carried out.

This large-scale incident highlights the growing cybersecurity challenges faced by organizations handling sensitive personal data, prompting increased awareness and preventive measures to protect citizen information in Sweden.