More than 5 million Swedes have allegedly been included in a newly advertised list on hacker forums, putting them at risk. If the dump is legitimate, of course.
A large dataset of Swedish citizens has appeared on underground hacker marketplaces. In their post, the threat actor claims that the sensitive Swedish data was obtained through a corporate hack.
According to claims, the data breach affects over 5,452,000 individuals, which is roughly half of the Swedish population. The threat actor states that the dataset spans from personally identifiable information to geographic location data and property-related data.
The threat actor alleges that the data was obtained from ilait.se and adressfakta.se, services that distribute contact and address information for commercial use. We have reached out to the companies for comment and will update the article once we receive a response.
What Swedish data has allegedly been breached?
The Cybernews research team has reviewed the data samples provided by the threat actor and identified that they contain basic personal identifiers, such as:
- Full names
- Home addresses
- Phone numbers
However, the question of how sensitive the situation is remains unanswered. Sweden maintains a long-standing principle of public access to information, meaning that many categories of personal and corporate data can be legally obtained from official registries or public records.
“Sweden is one of these countries, where data that we would classify as private is largely publicly available. This goes for businesses, their operations, but also with individual data as well,” Cybernews researchers noted.
While not everything is freely available, information such as full names, registered addresses, dates of birth, income and tax information, or phone numbers can be looked up. This means that the compilation of this dataset could not necessarily be linked to external hacking.
“Having this in mind, the claims from a threat actor that they hacked a Swedish company and now have the dump of it sounds largely exaggerated,” our researchers said.
Also, within the dataset, only 18 sample records are clearly identifiable and coherent. So it is impossible to verify the entire scope of the alleged breach.
Affected individuals are at risk of phishing
Cybernews researchers caution against dismissing the potential risks entirely. While the exposed information might not be as sensitive, the scale of the exposure might be the key to the danger.
When identity data is aggregated into a single accessible file, it becomes significantly easier for attackers to construct targeted phishing campaigns and cross-reference individuals with other breached datasets.
This helps build behavioral or geographic profiles, making impersonation attempts much more believable.
“It is way easier to profile these people and to combine this info with maybe some other leaks from other services that would make the attack surface a bit bigger,” our researchers explained.
“With this info alone, there could be an increase in social engineering attacks against these people.”
Not the first incident to shake Sweden
This March, Sweden’s digital ID provider CGI confirmed a data breach that potentially exposed source code used by public authorities in the country.
One of the systems affected by the breach was allegedly used by the Swedish Tax Agency to enable BankID logins.
Also, some of the stolen databases were dropped on hacker forums. Reportedly, they contained personal data about citizens and electronic signature documents.
Last year, Cybernews reported that an unsecured server had exposed hundreds of millions of detailed records on Swedish citizens and companies, dating from 2019 to 2024.
Unlock more exclusive Cybernews content on YouTube.
Your email address will not be published. Required fields are markedmarked