Hackers claim breach of CGI Sweden, leak allegedly tied to BankID login infrastructure

CGI Inc. confirmed a cybersecurity incident affecting internal systems in its Swedish division after hackers claimed to have stolen data linked to Sweden’s digital identity infrastructure.

A threat group calling itself ByteToBreach posted a dataset allegedly taken from CGI’s Swedish operations, claiming the material includes source code and credentials connected to systems used by public authorities. The leak surfaced Thursday night on the cybercrime forum Breached and allegedly contains information that could reveal how citizens authenticate into government services.

The compromised data reportedly includes source code, passwords and encryption keys tied to systems used by government agencies. Some databases containing personal information about citizens and electronic signature documents were also advertised separately for sale.

One of the affected systems is believed to be associated with login services used by the Swedish Tax Agency to enable authentication through BankID. BankID is a widely used electronic identity service that allows users to access government portals, banking platforms and digital signature services. Millions of people in Sweden rely on the system daily for digital identification and financial transactions.

The forum hosting the leaked dataset was taken offline over the weekend as part of a cybersecurity initiative, preventing independent verification of the material.

CGI disclosed that the incident involved two internal test servers located in Sweden. The company said the systems were used for testing and were connected to a service for a limited number of customers.

The company stated that it moved quickly to secure the affected servers after identifying the intrusion on March 13. The attackers accessed the environment through an older version of an application’s source code.

CGI said the compromised servers were not used in production environments and stated there is no indication that customer production systems, operational services or production data were affected.

Officials at the Swedish Tax Agency said there is currently no evidence of operational impact.

Sweden’s digital infrastructure has faced multiple cyber incidents in recent years. In 2025, the BankID authentication service experienced a targeted distributed denial-of-service attack that temporarily disrupted access for millions of users. The outage prevented users from logging into bank accounts or completing digital payments for several hours, although customer data remained protected.