Cyber Incident Victim: Statens servicecenter
Date:
Jan 2024
Location:
Sweden
Summary
A ransomware attack targeted one of Tietoevry's Swedish data centers, partially disrupting services for several customers, including Statens servicecenter. The organization confirmed its payroll systems were unaffected, enabling January salary payments to proceed as planned due to pre-submitted bank files, while other IT systems remained operational. Tietoevry initiated high-priority mitigation and restoration efforts, though recovery timelines remain uncertain. The incident response involves close collaboration between the affected parties to assess ongoing impacts, with further updates promised as the situation evolves.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On the night of January 19-20, 2024, Tietoevry detected a ransomware attack affecting one of its multiple data centers in Sweden. The incident partially disrupted services for several Swedish customers, including Statens servicecenter. Tietoevry immediately initiated high-level response measures to investigate the breach, mitigate damage, and restore normal operations, though the company could not estimate the timeline for full recovery at the time of reporting. Statens servicecenter confirmed its involvement in the affected customer group and established close collaboration with Tietoevry to monitor service disruptions. The organization activated contingency protocols designed for IT system failures while awaiting resolution of the attack's technical impacts.
Specific operational consequences included disruptions to certain Statens servicecenter systems, though critical payroll functions remained unaffected. Salary files for January had already been transmitted to banks prior to the incident, ensuring timely wage payments to client agencies using the Primula system. Other core systems operated by Statens servicecenter maintained normal functionality without ransomware-related interruptions. The organization committed to providing continuous updates as Tietoevry's investigation progressed and restoration efforts unfolded. No additional technical details regarding attack vectors, threat actors, or data compromise were disclosed in the initial statement.