Information regarding the cyber attack against Miljödata

An investigation by Miljödata AB, the provider of the Adato system used by Lund University, has revealed that the group behind last week’s cyberattack on Adato managed to access certain information about all university employees. Former employees are also affected. (The extent of the impact on former employees is still being investigated.)

What information has the threat actor obtained?

The data accessed by the threat actor includes, among other things, personal identity numbers, names, addresses, contact details, and rehabilitation chain dates.

Miljödata clarifies that the breach does not involve information related to employees’ health (such as medical certificates and reasons for rehabilitation plans), union affiliation details, or notes made by managers.

What happens next?

The investigation into the cyberattack is ongoing, and Miljödata is keeping its customers continuously updated.

The University takes the situation very seriously and will take appropriate measures and share further information as more details become available.

The university will file a police report and will also update its previous notification to the Swedish Authority for Privacy Protection (IMY) based on the new information from Miljödata.

Pay extra attention

Employees and former employees are urged to stay alert following the data breach. Pay extra attention if you are contacted by people or companies that you have not been in contact with before, or if the contact seems unusual. This applies to all types of communication, whether by phone, text message, letter or email, and whether directed to your work or private contact details.

You can read more about how to protect yourself on the following pages:

• Phishing and malware – msb.se
• Protect yourself against scam calls – polisen.se