Data breach at major Swedish software supplier impacts 1.5 million
The Swedish Authority for Privacy Protection (IMY) is investigating a cyberattack on IT systems supplier Miljödata that exposed data belonging to 1.5 million people. The ransomware gang, Datacarry, has claimed this attack. Here are details:
Sweden is investigating one of the largest data breaches in its history: an attack on IT systems provider Miljödata compromised the data of around 1.5 million citizens. Cybercriminals stole the information and published it on the darknet, and the regulator IMY has already started a GDPR compliance check. The Swedish Privacy Authority (IMY) announced the launch of an investigation after cybercriminals hacked the systems of Miljödata, a provider of IT solutions for 80% of the country’s municipalities.
The attack caused disruptions to government services in the regions of Halland, Gotland, Skellefteå, Kalmar, Karlstad, and Mönsterås. Later, the hacker group Datacarry published the stolen 224 MB archive on its darknet portal. The service Have I Been Pwned confirmed the appearance of the data and added it to its database.
Lidia Lopez, Senior Threat Intelligence Analyst at Outpost24, commented:
“‘Datacarry’ is a financially-motivated ransomware group active since at least June 2024, the date when they claim to have targeted their first victim. They maintain a Data Leak Site (DLS) where they publish data from victim companies that didn’t pay the ransom amount requested to recover encrypted files. Datacarry ransomware attacks are presumably opportunistic, but most victims reported so far are medium-size businesses located in European countries.
It is believed that Datacarry does not own a custom encryption tool, but like many other double extortion ransomware groups, they rely on the leaked Conti ransomware builder to encrypt victim files. For initial access, they have been observed targeting the vulnerable Fortinet EMS servers affected by the CVE-2023-48788 vulnerability.”
These attacks keep getting worse and worse. And what’s really bad is that the group behind this is effectively using “off the shelf tools” to pull this off. That shows that ransomware is getting to the point where it is close to being completely out of control, which in turn means that the time for action to reverse this is now.
This entry was posted on November 5, 2025 at 12:59 pm and is filed under Commentary with tags Hacked.