The browser you are using is not supported by this website. All versions of Internet Explorer are no longer supported, either by us or Microsoft (read more here: https://www.microsoft.com/en-us/microsoft-365/windows/end-of-ie-support).

Please use a modern browser to fully experience our website, such as the newest versions of Edge, Chrome, Firefox or Safari etc.

Information regarding the cyber attack against Miljödata

På svenska

An investigation by Miljödata AB, the company which supplies the Adato system to Lund University, shows that the group behind the cyberattack on Adato was able to access certain information about all of the University’s employees. Former employees are also affected.

Both current and former employees of Lund University are affected, with the latter group including those employed from 2008 onwards.

According to Miljödata AB, the data stolen in the Adato rehabilitation service data breach was later published on the Darknet.

Be vigilant

Given these circumstances, staff members are encouraged to be particularly vigilant if they are contacted by persons or companies with whom they have not previously had contact, or when contact is made in an unusual way.
This applies to all forms of communication – phone calls, text messages, letters or emails. Both your work-related and private contact details may be affected.

Contact information 

If you are a former employee and have questions, please email:
Allmanhandling [at] hr [dot] lu [dot] se (Allmanhandling[at]hr[dot]lu[dot]se)

If you are a current employee and have questions, please speak to your manager.

FAQs 

The leaked information includes personal identity number, name, address, contact details and rehab chain days. Rehab chain days refers to data on the number of sick days reported to other public authorities.

Miljödata has clarified that the leak does not include information related to the health of employees (e.g. medical certificates or information about the reasons for rehabilitation plans), details of trade union engagement or notes made by managers.

The University has submitted a police report and a notification to the Swedish Data Protection Authority (IMY) based on the information provided by Miljödata. An incident report has also been submitted to the Swedish Civil Contingencies Agency (MSB). We await the results of those investigations. 

You can read more about how to protect yourself on the following pages:

Current employees at Lund University can contact the Service Desk at servicedesk [at] lu [dot] se.

Current employees at Lund University can find more detailed information on Staff Pages.

Background and earlier developments

Lund University's system supplier Miljödata AB was subjected to a cyberattack over the weekend of 23-24 August. Miljödata supplies the Adato system to Lund University. Adato is a system used primarily to document and manage rehabilitation cases.

To contain the cyberattack, Miljödata initially took their systems offline, which meant that their customers could not use Adato. At first, Miljödata was also initially unable to see any signs of data having been taken. They brought in external expertise to investigate the incident and to restore the affected systems. 

Last updated: 29 Sep 2025 | editors [at] kommunikation [dot] lu [dot] se