All staff members have leaked data following the cyberattack
Photo: Joshua Woroniecki/Unsplash
All staff members at Örebro University are affected by the major leak from Miljödata. This is confirmed by checks conducted by both the company and Örebro University. Former employees are also impacted by the leak.
During the weekend of 23–24 August, Miljödata was subjected to a cyberattack, during which the perpetrators gained access to data from Swedish municipalities and universities, among others.
Örebro University has used Miljödata’s Adato system mainly for recording sick leave. Adato stores personal data of individuals who are, or have been, employed at Örebro University. According to Miljödata’s investigation, the following information has been leaked.
- Name
- Personal identification number
- Gender
- Contact details
- Number of sick days
“All employees at Örebro University are included in the leak, which includes many previous employees. Even though most of the information is public, this is obviously a very serious matter,” says Katarina Åkerling Lindholm, head of HR at Örebro University.
The university employs around 1,600 staff members. It has been confirmed that many former employees were included in the material leaked during the cyberattack. A thorough review is currently underway to establish the exact number of affected individuals.
According to Miljödata’s investigation, no sensitive information, such as medical certificates or treatment plans, has been leaked.
Individuals with protected identities remain anonymous in these systems, and their personal data stays confidential, despite the data leak. Even confidential addresses have been specifically protected and remain inaccessible. Students are unaffected by the leak.
“We don’t know if the data is at risk of being disseminated or if the main purpose was to extort money from the data company. But to be on the safe side, we would like to urge people to be extra vigilant, for example, if they are contacted by individuals or companies they have not had contact with before,” says Katarina Åkerling Lindholm.
The incident has already been reported by the university to the Swedish Data Protection Authority (IMY) and the Swedish Civil Contingencies Agency (MSB). Miljödata has reported the cyberattack to the police.
If you are a current or former employee of Örebro University and have questions about this matter, please contact adatofragor@oru.se.
Learn more about data theft
On these official websites, you can read more about risks and what you can do if you are affected.
- Identity theft – how to protect yourself in the case of ID theft and identity fraud – Swedish Tax Agency
- Secure your e-identification – Swedish Civil Contingencies Agency (MSB)
- Victim of ID theft and what to do – Swedish Consumer Agency
- Everything about data security – Swedish Civil Contingencies Agency (MSB)
- Protect yourself against scam calls – Swedish Police Authority
- Identity fraud – What should you do and how to protect yourself (in Swedish) – Swedish Police Authority
- Measures to take if you have been affected by a personal data incident (in Swedish) – IMY