A massive data breach at security company Gunnebo AB has exposed sensitive documents related to security arrangements for the Swedish parliament, as well as details of European banks’ vault floor plans and alarm systems, newspaper Dagens Nyheter reported.
The incident took place in August 2020. At the time, Gunnebo said that attackers attempted to gain access to the company's servers and that it reported the incident to the Swedish Security Service (Sдpo) after external IT-forensics had concluded that the attack was “well organized,” although the company did not disclose what data may have been compromised.
Headquartered in Sweden, Gunnebo is a multinational company with nuclear power plants, hospitals and airports among its international customers.
According to Dagens Nyheter, the hackers stole a total of 19 GB of data and around 38,000 files fr om Gunnebo, the documents were then uploaded to the dark web. The leaked documents reportedly include details of the security measures at the Swedish parliament and confidential plans of the Swedish Tax Agency's new office on the outskirts of Stockholm, as well as plans for bank vaults in at least two German banks. Among leaked files are also documents related to the alarm systems and surveillance cameras at a branch of the SEB bank in Sweden, the newspaper reported.
Gunnebo confirmed on Tuesday it has suffered a data breach.
“It's of course unfortunate that we've had a theft of data. We are now reviewing the material and in the cases wh ere there is sensitive information we are contacting the client,” Gunnebo CEO Stefan Syren said.
Syren said the attack started on August 18 and the company had a first indication on September 25 that the data would be leaked online but had had no contact with the hackers.
According to security experts, the attack against Gunnebo was part of a relatively new ransomware operation named “Mount Locker,” which has been making rounds since July 2020. Like many other ransomware gangs, the Mount Locker ransomware operators are stealing victims’ unencrypted data and demanding multi-million ransom threatening to publish the information unless they received payment.