Data Breach at Major Swedish Software Supplier Impacts 1.5m

Posted2 months agoActive2 months ago

fleahunter

57 points

20 comments

bleepingcomputer.comTechstory

calmnegative

Debate

40/100

Data BreachCybersecuritySoftware Supply Chain

Key topics

Data Breach

Cybersecurity

Software Supply Chain

A major Swedish software supplier, Miljödata, suffered a data breach impacting 1.5 million people, highlighting concerns about cybersecurity and data protection in the software supply chain.

Snapshot generated from the HN discussion

Discussion Activity

Moderate engagement

First comment

16s

Peak period

0-3h

Avg / period

4.5

Comment distribution18 data points

Loading chart...

Based on 18 loaded comments

Key moments

01Story posted
Nov 4, 2025 at 11:54 AM EST
2 months ago
Step 01
02First comment
Nov 4, 2025 at 11:54 AM EST
16s after posting
Step 02
03Peak activity
10 comments in 0-3h
Hottest window of the conversation
Step 03
04Latest activity
Nov 6, 2025 at 11:50 AM EST
2 months ago
Step 04

Generating AI Summary...

Analyzing up to 500 comments to identify key contributors and discussion patterns

Discussion (20 comments)

Showing 18 comments of 20

toomuchtodo

2 months ago

1 reply

Miljödata is an IT systems supplier for roughly 80% of Sweden's municipalities. The company disclosed the incident on August 25, saying that the attackers stole data and demanded 1.5 Bitcoin to not leak it.

https://www.bleepingcomputer.com/news/security/it-system-sup...

https://www.svt.se/nyheter/inrikes/cyberattack-i-datasystem-...

SiempreViernes

2 months ago

Then nobody paid and pii was published, now an integrity agency is starting an investigation

https://www.svt.se/nyheter/inrikes/integritetsmyndigheten-in...

cncrndnetizen

2 months ago

8 replies

Yet another sign that governments and corporations should support SECURE programming language development and treat it like other (critical) infrastructure.

marginalia_nu

2 months ago

1 reply

Most of the Swedish public sector runs on Java. Problem is it's, like public infrastructure in general, more attractive to build than to maintain.

Doesn't matter what language you use if you don't actually maintain the software.

pksebben

2 months ago

It matters at least a little. Ceteris parabus, I'd prefer unmaintained rust code over unmaintained java.

That said, I'd also prefer maintained java over unmaintained rust, so I do see your point.

LtWorf

2 months ago

1 reply

Was the leak due to a stack overflow, double free or similar issue?

hulitu

2 months ago

It was an outsourcing overflow. /s

tetha

2 months ago

1 reply

I'd rather say we need more cyber anarchy and chaos within Europe. We need security researchers and the CCC and similar organizations with an absolute freedom to hack everything in Europe.

Get into everything, break every security control in Europe, be a pain. As long as function is not impacted, and security problems are reported responsibly. Don't DoS a power plant because you think you can, and face a judge if you do.

That's what foreign powers are doing and slowly collecting as preparation for the future, and that's the only real way to increase cyber security across the board.

dmix

2 months ago

You'll have to pay for that if you're going to have people as motivated as the adversaries.

alistairSH

2 months ago

Is there any indication this breach was related to the language used? Or was it something "higher level" like unsecured DB or S3 bucket or similar?

victorbjorklund

2 months ago

We don’t know what happened but rumor is it was a file that was uploaded for an integration and that the server wasn’t secured. Same would have happened no matter if using Rust or any other language.

shakna

2 months ago

In the past, Datacarry has almost exclusively used phishing as their first penetration of systems. (Exploits follow for escalation, but not generally penetration.)

Whilst we don't know exactly what they did here, a secure programming language will do bupkus when you're targeting the meatbag behind the keyboard. We need to treat people like infrastructure, that can and will eventually fail.

november123

2 months ago

Statistically PII leaks are due to not secure business logic bugs. Not because of unsafe memory handling of a programming language.

Unauthorized API always leaks.

vbezhenar

2 months ago

PHP was developed 30 years ago.

cv5005

2 months ago

2 replies

This data is publically available to anyone in Sweden:

Your salary (well, last years taxable income), debts/credit rating, criminal history, address, phone number, which vehicles and properties you own and which company boards you're on.

One of organized criminals biggest income these days are scamming rich old folks because it's so trivial to get all details needed (and who to target) to be a pretty convincing bankman, IRS type agent/etc.

Some of it you have to kind of manually request at various places, but it's all available.

So data breaches aren't really that big of a deal when everything is already public.

zith

2 months ago

1 reply

If I understand correctly the only thing not public that was leaked was the role each person had in the government.

tuwtuwtuwtuw

2 months ago

Why would the role within the government not be public? I can't imagine that being treated as a secret.

reppap

2 months ago

Afaik this breach also contained a lot of data about medical condition related to workplaces.

2 more comments available on Hacker News

View full discussion on Hacker News

ID: 45813148Type: storyLast synced: 11/20/2025, 12:23:31 PM

Want the full context?

Jump to the original sources

Read the primary article or dive into the live Hacker News thread when you're ready.

Open link View on HN