Cyberattack on Miljödata disrupts municipal systems across Sweden

A cyberattack on Miljödata, a key IT systems supplier for Swedish municipalities, has caused widespread disruptions in more than 200 regions and raised fears of a major data breach. The attack, confirmed over the weekend, is suspected to be a ransomware incident involving a demand of 1.5 Bitcoins, worth about $168,000, in exchange for not leaking stolen information.

Miljödata provides work environment and HR management platforms to roughly 80 percent of Sweden’s municipalities, supporting functions such as medical certificates, rehabilitation cases, occupational injury reporting, and systematic work environment management. Its systems are widely used by local governments, making the attack one of the most disruptive in recent years for Sweden’s public sector.

Chief Executive Erik Hallén said on August 25 that around 200 municipalities and regions had been affected and that the company was working “very intensively together with external experts to investigate what has happened, what and who has been affected, and to restore system functionality.” The company’s website and email servers remain offline.

Local governments, including the Halland and Gotland regions, have warned citizens that sensitive personal information may have been exposed. Other municipalities identified as affected include Skellefteå, Kalmar, Karlstad, and Mönsterås.

Swedish Minister for Civil Defence Carl-Oskar Bohlin said the incident is under review by national authorities, including CERT-SE and the National Cybersecurity Center, while police have launched an investigation. “The scope of the incident has not yet been clarified, and it is too early to determine the actual consequences,” Bohlin said in a statement on social media. He added that the government remains in close contact with relevant agencies and stressed the importance of improving cyber resilience across Swedish society.

So far, no ransomware group has publicly claimed responsibility for the breach. The incident follows a January 2024 ransomware attack on IT services provider Tietoevry, which disrupted operations for government agencies, universities, and businesses across the country.

Bohlin noted that the latest attack highlights the urgency of stronger security frameworks, confirming that the government will soon introduce a new cybersecurity bill aimed at tightening requirements for public and private organizations.