This weekend’s cyber attack on the Finnish IT services company Tietoevry affected at least 127 Swedish government agencies. All were reportedly connected to the personnel management system Primula, which was also affected by the attack.
There are concerns that personal data from the authorities may have fallen into the wrong hands in connection with the attack, and Tietoevry was also forced to shut down its Primula service during the weekend hack.
The service is used, among other things, to manage and administer personnel data for up to 127 Swedish authorities, including sensitive authorities such as the Defense Intelligence Service, the Swedish Mental Health Board and the National Treasury.
Mikael Östlund of the Swedish Psychological Defense Agency tells tax-funded Swedish Radio that he is concerned that sensitive information about the home addresses of employees and their relatives may now have gone astray.
But Daniel Ström, president of the Defense Information Court (Försvarsunderrättelsedomstolen), says he is not so worried, because it is only “personnel administration information” and the systems would not be used “if we considered this information worthy of protection”.
A large number of municipalities and regions also use Primula to manage personal data, and in recent days there have been many reports of disruptions and technical services that have stopped working.