Update: Cyber Incident at Miljödata Leads to Personal Data Leak

News published:  08/09/2025

Over the weekend, 13-14 September, it became known that the attacker who, two weeks ago, attacked Miljödata (the provider of Adato), has published leaked information, making the information accessible to more people.

Important! This page was updated 19 september.

Latest updates:
2025-09-19

2025-09-16
2025-09-15

Because of that the attacker has published leaked information, it is now important that all current and former employees remain extra vigilant. See below for information on what you should be alert to.

What happens now?

SLU has today, September 19, closed the incident. The investigation that could be carried out has been completed. The internal incident group has identified a number of improvement measures to be followed up.

Questions regarding the incident can still be directed to the HR specialists or the data protection function.

 

Adato is used by SLU to monitor sick leave and to document rehabilitation and other preventive measures. The system contains personal data about current and former SLU employees.

It has now come to light that certain information about current and former SLU employees has leaked from Adato to the attacker. Your personal data may be in the system if you have had sick leave, rehabilitation cases or submitted receipts for healthcare/medication.

The leaked data includes:

  • name
  • personal identity number
  • employment start date
  • contact details, including home address
  • gender
  • estimated retirement date
  • number of sick leave days

Miljödata emphasises that, at this point, no information has been leaked that includes details from medical certificates, union affiliation, notes made by managers, or information about the reasons for rehabilitation plans.

Individuals at SLU with protected personal data have not had their protected information disclosed

Be vigilant
Given the current situation, employees are urged to remain especially vigilant if contacted by individuals or companies you have not previously been in touch with, or if the contact occurs in an unusual way. This applies regardless of whether communication is made by phone call, SMS, letter, or email – and applies both to your work-related and private contact details.

Anyone who suspects that someone is attempting to use or has used their personal information should contact the Police at 114 14.

There is a risk of identity theft. These pages provide information on preventive measures and the steps you can take should it occur (information in Swedish):

Identity theft – how to protect yourself against identity takeover and fraud | Swedish Tax Agency

Actions if you are affected by a personal data incident | IMY

Identity theft, ID takeover | Swedish Police

Secure your e-ID, MSB

Background – what has happened so far
SLU’s system provider Miljödata AB was subjected to a cyberattack on Saturday, August 23. Miljödata provides the Adato system to SLU. Adato is mainly used to document and manage rehabilitation cases. The storage of the data in Adato is handled by Miljödata, and therefore SLU is affected by the cyberattack.

To contain the cyberattack, Miljödata initially isolated its systems, which meant that their customers could not use Adato. Initially, Miljödata could not see any signs that data had been taken. It has now become clear that certain information has leaked from Adato to the attacker.

Based on information from Miljödata, SLU carried out a controlled restart of Adato on September 1, 2025.

SLU has reported the incident to the Swedish Authority for Privacy Protection (IMY) and the Swedish Civil Contingencies Agency (MSB). Miljödata has reported the cyberattack to the police.

Contact

If you have questions, please contact HR at HR-specialisterna@slu.se

SLU’s Data Protection Officer can be contacted at dataskydd@slu.se