Cyber Incident Victim: Vellinge Municipality
Date:
Jan 2024
Location:
Sweden
Summary
A ransomware attack targeting IT provider Tietoevry disrupted municipal operations in Vellinge, causing widespread system outages affecting payroll processing, library services, and high school enrollment platforms. The incident necessitated manual workarounds by staff, with prolonged recovery expected to create significant operational challenges. Lund University's technical school also experienced disruptions to its personnel and payroll systems due to the same attack on the shared service provider, prompting additional security measures. Municipal officials confirmed the attack was not specifically directed at their infrastructure but originated through their external IT supplier.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On January 20, 2024, multiple Swedish municipalities, businesses, and regions experienced operational disruptions due to a ransomware attack targeting their shared IT provider, Tietoevry. Vellinge Municipality in Skåne County confirmed its systems were compromised as a consequence of this third-party breach, emphasizing the attack was not directly aimed at the municipality itself. The incident immediately rendered the municipality’s public website inaccessible, with no estimated restoration timeline provided. Internal operations faced severe interruptions, affecting payroll systems for municipal employees, library loan services, and high school admission selection platforms. Communications Director Gustaf Lorentz anticipated prolonged manual workarounds would be necessary across departments, predicting significant operational challenges throughout the upcoming week. The breadth of impacted systems indicated widespread dependency on Tietoevry’s infrastructure for core administrative functions.
Concurrently, Lund University’s Faculty of Engineering (LTH) reported disruptions to its Primula system—a critical platform for personnel management and payroll administration—though the university clarified the outage stemmed from a ransomware incident affecting Statens Servicecenter’s provider, not a direct breach of its own networks. Lund University implemented unspecified security measures in response but did not detail containment or recovery procedures. Neither Vellinge nor Lund University disclosed whether data exfiltration occurred, the specific ransomware variant involved, or ransom demands. The attack’s cascading effects highlighted vulnerabilities in centralized IT service models, with municipalities and academic institutions alike experiencing collateral damage from the supplier-focused compromise. No additional entities beyond Vellinge and Lund University’s LTH were explicitly named in available reports, though the initial article referenced broader impacts across unnamed regional organizations.