Hackers’ leaked files seem to contain the platform’s source code along with citizens’ personally identifiable databases
Swedish authorities have initiated an investigation into a possible breach of the nation’s e-government platform, which holds sensitive information and personal data.
Hacker group ByteToBreach revealed the security breach on the dark web early Thursday. It posted a collection of files it claimed to have taken from the Swedish arm of global IT consulting and outsourcing firm CGI Group. These files seem to include the e-government platform’s source code, a staff database, configuration files, and other materials. ByteToBreach also put up what it called “citizen databases” and “electronic signing documents” for sale.
Swedish authorities have confirmed the incident, with Sweden’s national cyber incident center (CERT-SE) noting that the leak is under analysis. Other government agencies are also evaluating the reported breach and possible harm, per authorities.
“The government is monitoring developments and maintaining contact with relevant parties, including CERT-SE and the National Cybersecurity Center,” Swedish Civil Defense Minister Carl-Oskar Bohlin stated.
CGI seemed to downplay the extent of the alleged hack, asserting that no current source code was breached. The firm’s spokesperson, Agneta Hansson, told Swedish tabloid Aftonbladet that CGI’s internal review showed no customers’ production environments, production data, or operational services were impacted.
“This incident involves two internal test servers in Sweden—these are not used in production and are for testing related to a small number of customers. In connection with the event, a system holding an older version of an application’s source code was accessed,” Hansson said in a statement to the daily.
Independent analysts, though, warned that the apparent hack could have long-term effects on the company and Sweden’s e-government services, pointing out that the exposed source code might enable other malicious actors to find possible vulnerabilities and carry out further attacks.