Miljödata 2025 Data Breach

Miljödata Swedish Occupational Health Software Breach (2025): 870K Records Including Swedish Government ID Exposed via Ransomware
ObscureIQ Breach Intelligence

Classification Tags

Unspecified ransomware group (1.5 BTC ransom demand) · Ransomware · Medical · Technology · Date of Birth · Email Address · Full Name · Gender · Government ID · Phone Number
High Severity · Government / public sector

Swedish software provider focused on occupational health, rehabilitation, and workplace environment management.

Verified by ObscureIQ Intelligence
Breach Risk Index: 79/100
Data Value: 30
Market Recency: 40
Since Breach: 223d

Breach Intelligence Summary

Entity: Miljödata · Actor: Unspecified ransomware group (1.5 BTC ransom demand) · Sources: 2 references
Attack: Ransomware
Profile: Company · Environmental and data services · Sustainability data provider · Sweden
Timeline: Breach (2025-08-25) · Indexed (Sep 16, 2025) · Year (2025)
Exposure: 870K records · 7 fields: Date of Birth, Email Address, Full Name, Gender, Government ID, Phone Number, Physical Address
Status: Confirmed

Executive Summary

Swedish IT supplier Miljödata was hit by a ransomware attack discovered on Saturday, August 23, 2025. The intrusion compromised systems the company operates on behalf of a large share of Sweden's public sector, including its Adato platform for occupational-health and HR workflows. The attackers reportedly demanded 1.5 bitcoin, equivalent to roughly €144,000.

The blast radius was unusually wide for a single supplier breach. Approximately 164 municipalities, four regions, multiple universities, and a number of private firms were directly affected, totaling around 250 client organizations. In mid-September 2025, attackers published stolen data on the dark web. The dataset covered roughly 870,000 unique email addresses paired with names, phone numbers, physical addresses, dates of birth, gender, and Swedish personal identity numbers, also known as personnummer.

The exposure carries severe and durable risk for affected Swedes. The personnummer is a stable government identifier used widely for identity verification, banking, healthcare, and tax purposes, and combined with name and date of birth it is a strong base for identity-verification bypass and account takeover. Health-context records including medical certificates, rehabilitation plans, and work-injury documentation may also have been compromised. Anyone notified by their employer or municipality should treat their personnummer as exposed, monitor for unusual financial activity, and exercise heightened caution with unsolicited contact referencing health, payroll, or government-service matters.

ObscureIQ assessment: Exposure enables spearphishing, client impersonation, and leakage of business-sensitive compliance or sustainability data. Project records may also reveal regulatory exposure or strategic priorities.

Breach Impact

The institutional impact on Miljödata has been substantial because of the company's central role in Swedish municipal HR. The August 2025 attack disrupted services for approximately 164 municipalities, four regions, and around 250 client organizations including universities and private firms. Stolen data was published on the dark web in mid-September 2025, and Lund University alone reported about 16,000 current and former employees in the affected dataset. The incident drew direct comment from Sweden's Civil Defence minister and accelerated national debate over public-sector supply-chain concentration risk. The reputational and regulatory consequences are likely to be long-running given the systemic nature of the disruption.

About Miljödata

Miljödata is a Swedish software supplier that builds and operates IT systems for occupational health, sick-leave administration, rehabilitation tracking, and workplace-environment management. Privately held and based in Sweden, the company supplies its core platform, Adato, to the public sector. Roughly eighty percent of Sweden's 290 municipalities use Miljödata systems for HR processes, alongside several regions and a number of universities. The firm's customer base is concentrated in public administration, which makes its software a single point of failure for a large share of Sweden's municipal HR operations.

Why They Hold Your Data

Environmental and sustainability data firms collect client, project, compliance, and reporting records tied to environmental analysis, reporting, and data services.

Recent Developments

Miljödata is operating in the aftermath of the August 2025 ransomware attack and continuing to support municipal customers as systems are restored and incident analysis continues. The Swedish government, including the Civil Defence minister and national cybersecurity center CERT-SE, has been involved in the response. A wave of follow-on ransomware activity against Swedish municipalities through late 2025 and into 2026 has kept supply-chain risk a live policy issue. No specific ransomware group has publicly claimed responsibility for the Miljödata incident as of early 2026, and the firm has not disclosed whether the ransom was paid.

Data Points Exposed

7 verified field types
  • Date of Birth (High)
  • Email Address
  • Full Name (High)
  • Gender
  • Government ID (Critical)
  • Phone Number
  • Physical Address (High)

Exploitation & Downstream Threats

Threat Activity: Critical
Primary downstream threats:
  • Identity theft and synthetic identity construction using government-issued IDs
  • Identity verification bypass using name + date of birth combination
  • SIM swap attacks where phone numbers are present
  • Targeted phishing campaigns using exposed email addresses
  • Doxxing risk from physical address exposure
Threat vectors:
  • Identity verification bypass
  • Phishing, credential stuffing & account takeover
  • Name-based social engineering
  • Profile enrichment
  • Identity fraud with official bodies
  • SIM swapping, vishing & SMS phishing
  • Physical stalking, mail fraud & identity verification

Threat Actor: Unspecified ransomware group (1.5 BTC ransom demand)

Attribution and method are based on available breach intelligence. Reported attack vector: Ransomware.

Recommended Actions

If you believe your information may be included:

Protect Your ID Documents
Government-ID exposure enables document fraud — monitor and report misuse.
Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.

Frequently Asked Questions

What happened in the Miljödata breach?

Swedish IT supplier Miljödata was hit by a ransomware attack discovered on Saturday, August 23, 2025. The intrusion compromised systems the company operates on behalf of a large share of Sweden's public sector, including its Adato platform for occupational-health and HR workflows. The attackers…

What data was exposed?

Verified fields include Date of Birth, Email Address, Full Name, Gender, Government ID, Phone Number, Physical Address.

What should I do if I was affected?

Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.

Sources & References

Every claim on this page is traceable. This breach draws on:

  • Breach Index: Have I Been Pwned (record & field corroboration)
  • ObscureIQ Intelligence: ObscureIQ proprietary analysis (Risk Index scoring & downstream-threat assessment)
