Swedish authorities are investigating a suspected breach of the country’s e-government platform that may involve sensitive systems and personal data. The probe began after hackers claimed to have obtained internal files linked to the platform.
The hacking group ByteToBreach announced the breach on the dark web on Thursday, posting what it said was data taken from the Swedish subsidiary of IT consulting firm CGI Group. The cache allegedly includes parts of the platform’s source code, staff databases, configuration files, and materials described as “citizen databases” and electronic-signing documents offered for sale.
According to Eurostat, about 96% of Sweden’s population of 10.7 million used e-government services in 2025. According to Dagens Nyheter, the hacked system is used, among others, by the Swedish tax authorities.
BankID—Sweden’s widely used electronic identification system (e-ID), which functions as a secure digital equivalent to a passport or national ID card for online authentication—emphasized that its services are not affected.
“As always, we monitor the security situation 24 hours a day, and we are also following this incident. It is important to emphasize that Bank-ID has not been subjected to any attack. It is safe to use,” press spokesman Charlotte Pataky told Aftonbladet.
Officials confirmed they are reviewing the incident. Sweden’s national cyber incident center, CERT-SE, said the leaked material is being analyzed, while other government agencies are assessing the possible scope of the breach. Civil Defense Minister Carl-Oskar Bohlin said the government is in contact with the relevant authorities and monitoring developments.
CGI has downplayed the impact, saying the breach involved two internal test servers and an older version of application source code rather than live systems. But independent analysts warned that even outdated code could expose vulnerabilities that might be exploited in future attacks on Sweden’s digital services.
Threat intelligence company Threat Landscape said hackers are increasingly targeting public-facing cyber infrastructure throughout Sweden and Europe, pointing out that the data breach “creates a detailed roadmap for future attacks. Any attacker—nation-state or criminal— can now study the platform’s architecture, identify undisclosed vulnerabilities, and exploit them before patches are developed.”
The hacking group ByteToBreach also claimed responsibility for the Viking Line hacking incident, which happened only days earlier, when the major Finnish ferry company operating in the Baltic Sea had its passenger database and payment data revealed on the dark web.
