A significant data breach has reportedly compromised a Swedish state IT system used for digital identity management, according to reports from Dagens Nyheter and Expressen. The sensitive information, allegedly containing source code, passwords, and encryption keys, was published on the darknet on Thursday evening.
The hack is said to have targeted CGI Sverige, a company that handles important digital services for multiple Swedish government agencies. The compromised system is reportedly used by agencies including the Swedish Tax Agency (Skatteverket) for Bank-ID login authentication.
IT security expert Anders Nilsson stated in an email to SVT that the hack appears authentic, writing: 'Source code for several programs seems to exist, and from what I can see, the hack looks genuine.'
Source code for several programs seems to exist, and from what I can see, the hack looks genuine.
Multiple authorities are investigating the intrusion, with the Swedish Tax Agency confirming they are aware of the reports and seeking contact with CGI. CERT-SE, Sweden's national center for IT incidents, is also analyzing the reports and coordinating a response.
The hacker group calling itself ByteToBreach claims to have obtained a large amount of sensitive data from CGI Sverige. According to reports, the leaked material includes not only source code but also personal data about citizens and electronic signing documents that are reportedly being sold separately.
Authorities have not yet confirmed the extent of the breach, with investigations ongoing to verify the authenticity of the claims.