Cyber Incident Victim: Munters
Date:
Jan 2024
Location:
Sweden
Summary
A ransomware attack targeting Munters' hosting provider, Tietoevry, compromised the confidentiality of preliminary financial results, forcing the company to release unaudited summaries ahead of schedule. The incident disrupted the organization's financial consolidation system and limited business operations, with no estimated resolution timeframe. The company maintains ongoing communication with the provider to address the situation but confirmed no further financial disclosures until the scheduled full report.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On January 22, 2024, Munters Group AB disclosed that a ransomware attack targeting one of its hosting providers, Tietoevry, compromised the confidentiality of its preliminary financial results for the fourth quarter and full year 2023. The incident disrupted Munters' financial consolidation system and a limited subset of its business operations, though the company did not specify the exact timeline of the attack or its initial detection. Due to concerns that unauthorized parties might access sensitive financial data, Munters preemptively released summarized unaudited results ahead of its scheduled full-year report on February 1, 2024. The breach originated within Tietoevry's infrastructure, but Munters did not identify the ransomware variant or the attackers. Munters emphasized ongoing coordination with Tietoevry to resolve the situation, though no restoration timeline was provided. The company confirmed no direct compromise of its internal systems but acknowledged dependencies on the provider’s compromised services. Operational impacts included delayed financial reporting workflows and potential exposure of pre-release earnings data. Munters stated it could not guarantee the integrity of its financial disclosures until full system functionality was restored.
The incident necessitated the early publication of key financial metrics, including a 16% organic increase in Q4 2023 net sales to MSEK 3,659 and a full-year adjusted EBITA of MSEK 1,839. Munters clarified that all disclosed figures remained preliminary and subject to revision in its final audited report. CEO Klas Forsström characterized the attack as a serious incident but affirmed the integrity of the company’s 2023 performance data. No customer data breaches, operational stoppages, or direct financial losses from the ransomware event were reported. Munters maintained standard investor communications protocols, scheduling its full-year webcast and teleconference for February 1 as originally planned. The company declined to speculate on long-term operational or reputational repercussions, focusing instead on restoring system normalcy through its provider. Tietoevry’s role in the incident remained under review, with Munters deferring detailed technical or forensic assessments pending further updates from the vendor. The disclosure adhered to EU Market Abuse Regulation requirements, emphasizing transparency despite the unresolved disruption.