Swedish authorities have launched an investigation following claims by a hacker group that it leaked source code and related files tied to the nation's critical e-government platform. The threat actor, known as ByteToBreach, claimed responsibility for the breach, allegedly releasing files connected to CGI Sverige, the Swedish subsidiary of the global IT services firm CGI Group, which provides technology support for several government digital systems.
CGI Sverige confirmed a cybersecurity incident involving two internal testing servers in Sweden. The company stated that these servers contained an older version of an application and its associated source code but emphasized they were not connected to active production environments. CGI press secretary Agneta Hansson told local media there is no indication that operational services or customer production data were affected. The company's investigation is ongoing alongside the official probe.
Sweden's civil defense minister, Carl-Oskar Bohlin, confirmed the government is analyzing the incident. Authorities are coordinating with national cybersecurity agencies, including CERT-SE and the National Cyber Security Center, to verify the leaked data's contents and identify those responsible. IT security specialist Anders Nilsson, who examined samples of the leaked files, stated that early findings suggest the materials appear authentic and include source code for several programs.
Cybersecurity experts have raised alarms about the potential risks. With approximately 95% of Sweden's 10.7 million residents using e-government services in 2024, exposed development materials could allow attackers to analyze system structures and identify vulnerabilities in the active infrastructure. Threat intelligence analysts note that ByteToBreach has previously claimed responsibility for a breach involving Viking Line, suggesting a possible broader campaign targeting Swedish and European infrastructure.
While the full contents of the alleged data dump are still being verified, some reports claim it may include internal staff databases, electronic signing documents, and potentially personally identifiable information of citizens. Authorities have not confirmed these details. The investigation continues to assess the potential impact and trace the origins of the breach.
