Cyber Incident Victim: Skåne län
Date:
Jan 2024
Location:
Sweden
Summary
A ransomware attack targeting IT provider Tietoevry disrupted services across multiple organizations, including a municipality in Skåne and Lund University. The attack compromised critical systems such as payroll processing, library loan management, high school enrollment platforms, and Lund University's personnel administration system (Primula), forcing staff to resort to manual operations. No recovery timeline was established, with widespread operational challenges anticipated due to the provider-level breach. The incident impacted both public sector functions and educational institutions, though it was not specifically directed at the affected entities.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On January 20, 2024, a ransomware attack targeted Tietoevry, a major IT services provider, causing widespread disruptions for multiple Swedish municipalities, businesses, and institutions, including Vellinge Municipality in Skåne County. The attack compromised critical systems hosted by Tietoevry, forcing Vellinge’s official website offline and disabling essential municipal services. Gustaf Lorentz, Vellinge’s communications director, confirmed the incident was not a direct attack on the municipality but a consequence of the breach at their third-party provider. Immediate impacts included the inaccessibility of payroll systems for municipal employees, disruptions to library loan services, and failures in systems supporting high school enrollment processes. No restoration timeline was provided, with Lorentz warning of a "messy week" ahead as staff resorted to manual workarounds. The attack’s scope extended beyond public-facing platforms, affecting internal administrative operations reliant on Tietoevry’s infrastructure.
Lund University’s LTH (Lunds Tekniska Högskola) also experienced severe operational issues due to the ransomware incident, specifically losing access to Primula, its personnel and payroll management system. The university cited Tietoevry’s reported ransomware-related outage as the cause and implemented unspecified security measures in response. Service interruptions at both Vellinge and LTH highlighted dependencies on centralized IT providers, with payroll processing emerging as a critical vulnerability across affected organizations. Municipal libraries faced an inability to manage loans digitally, while educational services like student enrollment systems remained nonfunctional. Neither entity disclosed technical details of the attack or containment steps taken by Tietoevry, focusing instead on operational contingencies. The incident underscored broad supply-chain risks, with downstream disruptions paralyzing core public services without direct compromise of municipal networks.