Data breach at major Swedish software supplier impacts 1.5M

https://www.bleepingcomputer.com/news/security/data-breach-at-major-swedish-software-supplier-impacts-15-million/

57•fleahunter•3mo ago

Comments

toomuchtodo•3mo ago

Miljödata is an IT systems supplier for roughly 80% of Sweden's municipalities. The company disclosed the incident on August 25, saying that the attackers stole data and demanded 1.5 Bitcoin to not leak it.

https://www.bleepingcomputer.com/news/security/it-system-sup...

https://www.svt.se/nyheter/inrikes/cyberattack-i-datasystem-...

SiempreViernes•3mo ago

Then nobody paid and pii was published, now an integrity agency is starting an investigation

https://www.svt.se/nyheter/inrikes/integritetsmyndigheten-in...

cncrndnetizen•3mo ago

Yet another sign that governments and corporations should support SECURE programming language development and treat it like other (critical) infrastructure.

vbezhenar•3mo ago

PHP was developed 30 years ago.

marginalia_nu•3mo ago

Most of the Swedish public sector runs on Java. Problem is it's, like public infrastructure in general, more attractive to build than to maintain.

Doesn't matter what language you use if you don't actually maintain the software.

pksebben•3mo ago

It matters at least a little. Ceteris parabus, I'd prefer unmaintained rust code over unmaintained java.

That said, I'd also prefer maintained java over unmaintained rust, so I do see your point.

alistairSH•3mo ago

Is there any indication this breach was related to the language used? Or was it something "higher level" like unsecured DB or S3 bucket or similar?

LtWorf•3mo ago

Was the leak due to a stack overflow, double free or similar issue?

hulitu•3mo ago

It was an outsourcing overflow. /s

victorbjorklund•3mo ago

We don’t know what happened but rumor is it was a file that was uploaded for an integration and that the server wasn’t secured. Same would have happened no matter if using Rust or any other language.

tetha•3mo ago

I'd rather say we need more cyber anarchy and chaos within Europe. We need security researchers and the CCC and similar organizations with an absolute freedom to hack everything in Europe.

Get into everything, break every security control in Europe, be a pain. As long as function is not impacted, and security problems are reported responsibly. Don't DoS a power plant because you think you can, and face a judge if you do.

That's what foreign powers are doing and slowly collecting as preparation for the future, and that's the only real way to increase cyber security across the board.

dmix•3mo ago

You'll have to pay for that if you're going to have people as motivated as the adversaries.

shakna•3mo ago

In the past, Datacarry has almost exclusively used phishing as their first penetration of systems. (Exploits follow for escalation, but not generally penetration.)

Whilst we don't know exactly what they did here, a secure programming language will do bupkus when you're targeting the meatbag behind the keyboard. We need to treat people like infrastructure, that can and will eventually fail.

november123•3mo ago

Statistically PII leaks are due to not secure business logic bugs. Not because of unsafe memory handling of a programming language.

Unauthorized API always leaks.

cv5005•3mo ago

This data is publically available to anyone in Sweden:

Your salary (well, last years taxable income), debts/credit rating, criminal history, address, phone number, which vehicles and properties you own and which company boards you're on.

One of organized criminals biggest income these days are scamming rich old folks because it's so trivial to get all details needed (and who to target) to be a pretty convincing bankman, IRS type agent/etc.

Some of it you have to kind of manually request at various places, but it's all available.

So data breaches aren't really that big of a deal when everything is already public.

zith•3mo ago

If I understand correctly the only thing not public that was leaked was the role each person had in the government.

tuwtuwtuwtuw•3mo ago

Why would the role within the government not be public? I can't imagine that being treated as a secret.

reppap•3mo ago

Afaik this breach also contained a lot of data about medical condition related to workplaces.

MyFlames: Visualize MySQL query execution plans as interactive FlameGraphs

Show HN: LLM of Babel

A modern iperf3 alternative with a live TUI, multi-client server, QUIC support

Famfamfam Silk icons – also with CSS spritesheet

Apple is the only Big Tech company whose capex declined last quarter

Reverse-Engineering Raiders of the Lost Ark for the Atari 2600

Show HN: Deterministic NDJSON audit logs – v1.2 update (structural gaps)

The Greater Copenhagen Region could be your friend's next career move

Do Not Confirm – Fiction by OpenClaw

The Analytical Profile of Peas

Hallucinations in GPT5 – Can models say "I don't know" (June 2025)

What AI is good for, according to developers

OpenAI might pivot to the "most addictive digital friend" or face extinction

Show HN: Know how your SaaS is doing in 30 seconds

ClawdBot Ordered Me Lunch

What the News media thinks about your Indian stock investments

Running Lua on a tiny console from 2001

Google and Microsoft Paying Creators $500K+ to Promote AI Tools

New filtration technology could be game-changer in removal of PFAS

Show HN: I saw this cool navigation reveal, so I made a simple HTML+CSS version

Kinda Surprised by Seadance2's Moderation

I Write Games in C (yes, C)

Django scales. Stop blaming the framework (part 1 of 3)

Malwarebytes Is Now in ChatGPT

Thoughts on the job market in the age of LLMs

Show HN: Stacky – certain block game clone

AIII: A public benchmark for AI narrative and political independence

SectorC: A C Compiler in 512 bytes

The API Is a Dead End; Machines Need a Labor Economy

Digital Iris [video]