- Swedish authorities investigate alleged leak targeting national e-government platform infrastructure.
- Hackers claim to release source code linked to Sweden digital services.
- Cybersecurity experts warn leaked development files could expose system vulnerabilities.
Swedish authorities have opened an investigation after a threat actor claimed to leak material tied to Sweden’s e-government platform. The claim has raised concerns about the potential exposure of sensitive infrastructure data used by millions of citizens.
Reports circulating on cybersecurity forums and social media indicated that a hacker group called ByteToBreach released files allegedly linked to CGI Sverige. The company operates as the Swedish subsidiary of global IT services firm CGI Group.
Local media outlet Aftonbladet reported that the leaked material may involve components connected to Sweden’s digital public services platform. CGI Sverige provides technology support for several government systems used across the country.
However, the company stated that the incident involved two internal testing servers rather than active production systems. CGI explained that those servers contained an older version of an application along with related source code.
Moreover, the company said its investigation found no signs that operational services or customer production data were affected. CGI press secretary Agneta Hansson confirmed to Aftonbladet that Swedish authorities are currently reviewing the situation.
Also Read: HSBC and Standard Chartered Lead Race for Hong Kong Stablecoin Licenses
Investigation Begins After Hacker Claims Data Leak
Authorities started reviewing the case after cybersecurity accounts on X circulated claims that the hacker group had uploaded several files linked to Sweden’s digital infrastructure.
Besides the source code, some of the exposed materials allegedly include configuration files and internal documentation. Analysts reviewing the claims said such files could reveal details about system structures.
Meanwhile, Swedish civil defense minister Carl-Oskar Bohlin confirmed that the government is analyzing the incident. Authorities are working alongside CERT-SE and the National Cyber Security Center during the investigation.
Additionally, IT security specialist Anders Nilsson examined samples of the leaked files. According to Nilsson, early findings suggest that the materials circulating online appear authentic. He noted that the leak includes what looks like source code connected to several programs. Nilsson stated that the available evidence indicates the hack may indeed be genuine.
Experts Warn of Potential Risks From Exposed Code
Sweden relies heavily on digital services provided through its e-government systems. Eurostat data shows that about 95 percent of the country’s 10.7 million residents used these services during 2024. Consequently, cybersecurity researchers warned that exposed development materials could create follow-on risks. Attackers sometimes analyze leaked code to identify vulnerabilities in active infrastructure.
Threat intelligence platform Threat Landscape also highlighted a possible pattern behind the activity. The group said ByteToBreach previously claimed responsibility for a breach involving Viking Line. Moreover, analysts believe the incidents may form part of a broader campaign targeting Swedish and European infrastructure. CGI’s managed services network could therefore represent a strategic target.
Authorities Continue Assessment of Potential Impact
Investigators have not yet verified the complete contents of the alleged data dump. However, reports claim the files may include internal staff databases and electronic signing documents. The threat actor also claimed to possess personally identifiable information connected to citizens. Authorities have not confirmed whether such information exists in the leaked materials.
Swedish authorities and cybersecurity agencies continue to analyze the reported leak and its potential impact. Investigators are working to verify the data and identify the individuals behind the breach.
Also Read: AAVE Shock: Trader Loses Nearly $50 Million in Massive DeFi Swap Error
