Miljödata Data Breach
Miljödata Swedish Occupational Health Software Breach (2025): 870K Records Including Swedish Government ID Exposed via Ransomware
Swedish software provider focused on occupational health, rehabilitation, and workplace environment management.
Risk Interpretation
Exposure enables spearphishing, client impersonation, and leakage of business-sensitive compliance or sustainability data. Project records may also reveal regulatory exposure or strategic priorities.
Impact & Downstream Threats
The institutional impact on Miljödata has been substantial because of the company's central role in Swedish municipal HR. The August 2025 attack disrupted services for approximately 164 municipalities, four regions, and around 250 client organizations including universities and private firms. Stolen data was published on the dark web in mid-September 2025, and Lund University alone reported about 16,000 current and former employees in the affected dataset. The incident drew direct comment from S
- Identity theft and synthetic identity construction using government-issued IDs
- Identity verification bypass using name + date of birth combination
- SIM swap attacks where phone numbers are present
- Targeted phishing campaigns using exposed email addresses
- Doxxing risk from physical address exposure
Threat Vectors
Breach Intelligence
Executive Summary
Swedish IT supplier Miljödata was hit by a ransomware attack discovered on Saturday, August 23, 2025. The intrusion compromised systems the company operates on behalf of a large share of Sweden's public sector, including its Adato platform for occupational-health and HR workflows. The attackers reportedly demanded 1.5 bitcoin, equivalent to roughly €144,000.
The blast radius was unusually wide for a single supplier breach. Approximately 164 municipalities, four regions, multiple universities, and a number of private firms were directly affected, totaling around 250 client organizations. In mid-September 2025, attackers published stolen data on the dark web. The dataset covered roughly 870,000 unique email addresses paired with names, phone numbers, physical addresses, dates of birth, gender, and Swedish personal identity numbers, also known as personnummer.
The exposure carries severe and durable risk for affected Swedes. The personnummer is a stable government identifier used widely for identity verification, banking, healthcare, and tax purposes, and combined with name and date of birth it is a strong base for identity-verification bypass and account takeover. Health-context records including medical certificates, rehabilitation plans, and work-injury documentation may also have been compromised. Anyone notified by their employer or municipality should treat their personnummer as exposed, monitor for unusual financial activity, and exercise heightened caution with unsolicited contact referencing health, payroll, or government-service matters.
About Miljödata
Miljödata is a Swedish software supplier that builds and operates IT systems for occupational health, sick-leave administration, rehabilitation tracking, and workplace-environment management. Privately held and based in Sweden, the company supplies its core platform, Adato, to the public sector. Roughly eighty percent of Sweden's 290 municipalities use Miljödata systems for HR processes, alongside several regions and a number of universities. The firm's customer base is concentrated in public administration, which makes its software a single point of failure for a large share of Sweden's municipal HR operations.
Why They Hold Your Data
Environmental and sustainability data firms collect client, project, compliance, and reporting records tied to environmental analysis, reporting, and data services.
Recent Developments
Miljödata is operating in the aftermath of the August 2025 ransomware attack and continuing to support municipal customers as systems are restored and incident analysis continues. The Swedish government, including the Civil Defence minister and national cybersecurity center CERT-SE, has been involved in the response. A wave of follow-on ransomware activity against Swedish municipalities through late 2025 and into 2026 has kept supply-chain risk a live policy issue. No specific ransomware group has publicly claimed responsibility for the Miljödata incident as of early 2026, and the firm has not disclosed whether the ransom was paid.
Data Points Exposed
Exposure Categories
Canonical Fields
date_of_birth, email_address, full_name, gender, government_id, phone_number, physical_address
Dark Web Verification
- Dataset containing ~870K records identified in breach intelligence sources
- Data indexed and searchable across breach notification platforms
- Source: Miljödata Breach;miljodata-2025
Recommended Actions
⚠️ Do not assume this is low sensitivity.
© 2026 ObscureIQ · All Rights Reserved · Data Licensing
