Sweden’s digital ID provider CGI Sweden confirms data breach


Hackers claim they’ve cracked a contractor tied to Sweden’s digital ID system, leaking code and credentials that could expose how citizens log in to government services.

A group calling itself ByteToBreach has posted a large dataset allegedly stolen from CGI’s Swedish division, potentially exposing source code used by public authorities in the country.

Other databases containing personal data about citizens and electronic signature documents are reportedly being sold separately. One of the systems affected by the breach is allegedly used by the Swedish Tax Agency to enable BankID logins.


The BankID electronic identity service is used daily by millions of Swedes to access government services, banks, and digital signatures, raising serious concerns about the safety of Swedish citizens.

The data dump appeared on Breached, a well-known cybercrime forum, on Thursday night and was first reported by Swedish outlets Aftonbladet and Dagens Nyheter.


Journalists at Dagens Nyheter said they reviewed parts of the leaked material, which reportedly include source code, passwords, and encryption keys. Cybernews cannot verify the information, as the Breached forum was taken down over the weekend by a cybersecurity initiative.

The Swedish Tax Agency played down concerns, telling Aftonbladet that there is no immediate impact.

"We take all incidents seriously, but we don't see anything that affects us right now," said Peder Sjölander, IT Director at the Swedish Tax Agency.

CGI says hackers reached test systems

In the wake of the breach claims, CGI confirmed the incident. On March 13th, the company stated that it immediately took action to secure the affected servers.


“The incident concerns two internal test servers in Sweden. The servers are not used in production but are used for testing, connected to a service for a limited number of customers,” the CGI statement read.


The company also states that the threat actors accessed the system with an older version of the application's source code.

“There is currently no indication of any impact on customers' production environments, production data, or operational services. Information to the contrary is not accurate,” the company insisted.

Swedish BankID previously targeted by DDoS attacks

This is not the first time that Swedish government systems have suffered cyber incidents. Last year, BankID was knocked offline for several hours after a targeted DDoS attack.

While customer data remained safe throughout the attack, over 8.6 million BankID users were unable to send or receive money or log in to their bank accounts. The numbers are staggering, as Sweden’s entire population is just a little over 10 million.

Last year was not a lucky one for Swedes, as they suffered multiple high-profile cyberattacks. For example, the Cybernews research team uncovered a massive data leak that exposed over 100 million private records of Swedish citizens.


Swedish IT supplier Miljödata was also the target of a large-scale ransomware attack, affecting around 200 municipalities and regions, including Gotland, Halland, Kalmar, Varberg, Umeå, Luleå, Kiruna, Mönsterås, Karlstad, and Skellefteå. Reportedly, personal information of 1.5 million Swedes was stolen.

And Svenska kraftnät, Sweden’s primary electricity grid operator, confirmed that it suffered a data breach after the Russia-linked Everest ransomware gang claimed to have syphoned hundreds of gigabytes of the company’s data.
