Personal data of 1.5m people leaked in Swedish data breach

Sweden's prosecution authority said on Tuesday the personal data of 1.5 million people had been leaked online after a cyberattack against an IT systems provider.

Swedish media said town and city councils and private companies had been affected.

The number of people targeted represents nearly 15% of Sweden's population of 10.6 million.

The attack against systems provider Miljodata occurred during the weekend of August 23-24, the prosecution authority said in a statement.

"The data stolen in connection with the attack on the system supplier has now been leaked.

"This concerns data belonging to more than 1.5 million private individuals," prosecutor Sandra Helgadottir said, adding that an investigation into the data breach was ongoing.

Helgadottir said a group going by the name of Datacarry had claimed responsibility and the investigation focused on identifying the individual or individuals responsible.

"There is currently no evidence to suggest the involvement of a foreign power," she said.

Swedish media had reported that the hackers had demanded 1.5 bitcoin (roughly $170,000) when they threatened to release the data.

Miljodata said over the weekend that the data had been published on the darknet.

The company said the type of data leaked included names, addresses and contact details.

The Swedish Authority for Privacy Protection said in late August it had received 250 reports from affected parties.

According to the authority, at least 164 municipalities and four regional authorities had been affected by the attack.

Public broadcaster SVT reported that employees, especially in the city of Gothenburg, had been affected by the hack.

A number of private companies had also seen their data compromised, including truckmaker Volvo, airline SAS and plane engine maker GKN Aerospace.