Supplier attack paralysed hundreds of Swedish municipalities
In late August 2025 ransomware hit Swedish IT supplier Miljödata, which runs environmental and HR systems for roughly 80% of Swedish municipalities. Press reports put about 200 of 290 councils affected — payroll, sick leave, incident reporting.
In short: Around 200 councils, HR systems, dozens of breach reports. Ransomware through the supply chain.
Scale and response
The attack was detected on 23 August 2025. Extortionists demanded around 1.5 bitcoin (reported at roughly SEK 1.5 million or about USD 168k). Sweden’s IMY received dozens of breach notifications within the 72-hour window.
Councils including Skellefteå, Umeå, Karlstad, and Kalmar activated crisis teams. Sensitive employee and student data was at risk — not just downtime, but GDPR-style obligations.
The single-supplier lesson
Even with your own cloud, you often rely on SaaS for payroll, HR, or line-of-business apps. One compromised partner can knock out hundreds of clients at once.
- Map where critical data lives and who has admin access.
- Require contracts, DPAs, and EU incident reporting.
- Keep files and collaboration on European hosting with your own backups.
When your cloud cuts you off — why one account hurts. Backups in Nextcloud.