The files leaked by hackers appear to include the platform’s source code, as well as citizens’ personally identifiable databases
The Swedish authorities have launched a probe into a potential breach of the country’s e-government platform containing sensitive information and personal data.
ByteToBreach announced the security breach on the dark web early on Thursday. The hacker group posted a cache of files it claimed to have obtained from the Swedish subsidiary of global IT consulting and outsourcing company CGI Group. The files appear to include source code for the e-government platform, a staff database, configuration files, and other materials. ByteToBreach has also offered what it described as “citizen databases” and “electronic signing documents” for sale.
The Swedish authorities have acknowledged the incident, with Sweden’s national center for cyber incidents (CERT-SE) stating the leak was being analyzed. Other government agencies are also assessing the reported breach and the potential damage, according to the authorities.
“The government is following developments and has ongoing contact with responsible actors, including CERT-SE and the National Cybersecurity Center,” Swedish Minister of Civil Defense Carl-Oskar Bohlin said.
CGI appeared to try and downplay the scale of the alleged hack, insisting that no up-to-date source code was compromised. The company’s spokesperson, Agneta Hansson, told the Swedish tabloid Aftonbladet that CGI’s internal analysis indicated that no customers’ production environments, production data, or operational services were affected.
“The event concerns two internal test servers in Sweden that are not used in production and are used for testing linked to a limited number of customers. In connection with the incident, a system with an older version of the source code for an application has been accessed,” Hansson told the daily in a statement.
Independent analysts, however, warned the apparent hack could have long-term implications for the company and Sweden’s e-government services, suggesting that the exposed source code may allow other malicious actors to identify potential vulnerabilities and attempt subsequent breaches.
