Cyber Incident Victim: Loomis Sverige AB
Date:
Jan 2024
Location:
Sweden
Summary
The security firm Loomis Sverige AB experienced a cybersecurity incident stemming from a broader attack targeting Tietoevry, potentially exposing sensitive customer data within its business systems. Unauthorized access may have compromised banking details, personal identification numbers of company representatives, contractual documents, invoices, and contact information, though confirmation remains pending. The company primarily serves banking and retail sectors, handling cash management and secure transport operations for central banks and commercial institutions.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On January 20, 2024, Loomis Sverige AB publicly disclosed its involvement in a cybersecurity incident stemming from a broader attack targeting Tietoevry, one of its service providers. The breach occurred over a weekend and potentially exposed sensitive business information stored in Loomis's affected systems. While the full scope remained unconfirmed, Loomis identified risks that unauthorized actors may have accessed corporate data including bank account details for client payments, personal identification numbers of company representatives, contact personnel records, invoices, contractual agreements, and related operational documentation. The company promptly notified customers of the potential compromise through a statement on its official website, emphasizing that the exposure was not yet verified but constituted a material risk requiring disclosure. Loomis acknowledged its reliance on Tietoevry's compromised infrastructure but did not specify technical details regarding the attack vector or duration of system exposure.
As a security-focused enterprise handling cash logistics, valuables transport, and ATM operations for major European banks, retailers, and central banks, Loomis's operational integrity hinges on safeguarding financial data and client assets. The incident directly threatened the confidentiality of institutional payment mechanisms and personally identifiable information tied to corporate leadership roles. Loomis's client base, predominantly comprising financial institutions and retail chains, faced secondary risks of supply chain exploitation through the exposed contractual and banking data. The company initiated internal reviews to assess data leakage and system vulnerabilities but had not released findings or restoration timelines by the disclosure date. Business continuity protocols remained active during the investigation, with customer service operations maintaining standard weekday availability for inquiries. The breach's confirmation status and forensic details remained pending as Loomis collaborated with external cybersecurity responders to evaluate the compromise's origin and full impact on its digital infrastructure.