News

Cyber incident at Miljödata leads to personal data leak

Published: 08 September 2025

Over the weekend 13-14 September, it became known that the attacker who, two weeks ago, attacked Miljödata (the provider of Adato), has published leaked information, making the information accessible to more people. Because of this, it is now important that all current and former employees remain extra vigilant. See below for information on what you should be alert to.

Important! This page was updated on 19 September.

Latest updates:
2025-09-19
2025-09-16
2025-09-15

What happens now?

SLU has today, 19 September, closed the incident. The investigation that could be carried out has been completed. The internal incident group has identified a number of improvement measures to be followed up.

Questions regarding the incident can still be directed to the HR specialists or the data protection function.

The information leaked from Adato includes certain details about all current and former employees at SLU.

The leaked data includes:

  • name
  • personal identity number
  • employment start date
  • contact details, including home address
  • gender
  • estimated retirement date
  • number of sick leave days

Miljödata emphasises that, at this point, no information has been leaked that includes details from medical certificates, union affiliation, notes made by managers, or information about the reasons for rehabilitation plans.

Individuals at SLU with protected personal data have not had their protected information disclosed.

Be vigilant

Given the current situation, employees are urged to be extra vigilant if contacted by individuals or companies you have not previously been in touch with, or if the contact occurs in an unusual way. This applies regardless of whether communication is by phone call, SMS, letter, or email – and applies both to your work-related and private contact details. Do not click on links or open attachments that you do not trust, and do not disclose information such as passwords, bank card details, or similar.

Anyone who suspects that someone is attempting to use or has used their personal information should contact the police at 114 14.

There is a risk of identity theft and fraud attempts. These pages provide information on preventive measures and the steps you can take should it occur (information in Swedish only):

Identity theft – how to protect yourself against identity takeover and fraud | Swedish Tax Agency

Actions if you are affected by a personal data incident | IMY

Identity theft, ID takeover | Swedish Police

Secure your e-ID, MSB

Background – what has happened so far

SLU’s system provider Miljödata AB was subjected to a cyberattack on Saturday, 23 August. Miljödata provides the Adato system to SLU. Adato is used by SLU for monitoring sick leave and documenting rehabilitation and other preventive measures. The system contains sensitive personal data about all current and former SLU employees. The storage of the data in Adato is handled by Miljödata, and therefore SLU is affected by the cyberattack.

To contain the cyberattack, Miljödata initially isolated its systems, which meant that their customers could not use Adato. Initially, Miljödata could not see any signs that data had been taken.

On 5 September, SLU became aware that certain information about SLU employees and former employees had leaked from Adato to the attacker.

Based on information from Miljödata, SLU carried out a controlled restart of Adato on 1 September.

SLU has reported the incident to the Swedish Authority for Privacy Protection (IMY) and the Swedish Civil Contingencies Agency (MSB). Miljödata has reported the cyberattack to the police.

Contact

If you have questions, please contact HR at HR-specialisterna@slu.se

SLU’s data protection officer can be contacted at dataskydd@slu.se