Cyber Incident Victim: Skatteverket
Date:
Mar 2025
Location:
Sweden
Summary
Skatteverket experienced adistributed denial‑of‑service attack that overwhelmed its login service Mina sidor and other electronic services, making it difficult for users to access their accounts while leaving the website content and service data unchanged. The agency stated that although it has measures in place to handle such traffic surges, the attack caused temporary disruptions to its e‑services. IT‑director Peder Sjölander confirmed that the organization is working to restore normal operation as quickly as possible.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On Tuesday,March 18 2025, Skatteverket’s online services became difficult to reach, with users reporting problems accessing the Mina sidor login portal and other e‑services. Initially the difficulty was attributed to a high volume of people attempting to file tax returns simultaneously. Later that day Skatteverket confirmed that the disruption was caused by an overload attack targeting the login and e‑service functions. The agency emphasized that the attack did not alter or compromise the content of its website or the data within its services.
The overload prevented many users from logging in and carrying out routine transactions, creating noticeable disturbances in the availability of the e‑services while the informational pages on Skatteverket.se remained accessible and unchanged. Skatteverket acknowledged that despite having a prepared organization for handling such attacks, the incident still resulted in service interruptions for the public. The agency noted that the impact was limited to the authentication and service access layers, with no effect on the underlying data or published information.
In response, Skatteverket stated that it was working to resolve the overload as quickly as possible and highlighted its existing readiness to meet this type of threat. IT‑director Peder Sjölander commented that the agency’s preparedness mitigated worse outcomes but could not entirely prevent the day’s disturbances. No further technical details about the attack’s source, duration, or specific mitigation steps were disclosed in the available sources.