On Thursday evening, DN was able to report that a lot of sensitive information about the state system had been published on a page on the dark web. This was data from a service that is used, among other things, for verification with bank IDs.
The information could be published after a hacker attack on the IT company CGI in Sweden.
As a result, the Civil Defense Agency, formerly MSB, suspended its e-services. Now the authority confirms that it is a direct response to the leak.
– It is a consequence of the incident related to CGI, says Jonas Klint from the MCF press service.
According to the authority, the e-services were switched off for security reasons. This records which of your own services may be affected.
To receive reports about explosive goods, the authority uses, among other things, bank cards and other electronic signatures.
CGI has previously stated that the attack was against two test servers that are not used in Sharp mode. However, DN’s review shows that the files published in the leak suggest that in a number of cases it could have been information that is actually used on so-called production servers. More specifically, these are files that appear to be linked to MCF’s e-services.
The mapping also shows that the leak contains not only source code, but also what appear to be passwords and security keys.
The person or group claiming to be behind the leak is known to have committed similar violations in the past, including recently against Viking Line. Data about some of the company’s customers was stolen in a breach and leaked. As with previous attacks, the CGI breach was disclosed in a post on a cybercrime forum.
CGI is one of the largest IT providers for the public sector in Sweden. On Friday evening, the company confirmed the incident, but then announced that it was test servers. “In connection with the incident, a system with an older version of the source code of an application was also accessed,” the company wrote in a statement to DN.
