Cyber Incident Victim: Kumla kommun

Date: Nov 2024

Location: Sweden

Summary

A cyberattack targeted Kumla kommun, resulting in unauthorized access to nearly all its systems and the theft of a significant volume of data, which was subsequently published on the darknet. The municipality shut down its IT infrastructure, transitioned to analog operations, and received a ransom demand, though the specific nature of the compromised information remains unclear. Following the breach, external connections were restricted to prevent further data exfiltration, and the incident was reported to relevant authorities including the police and data protection agencies. Efforts are underway to gradually restore system functionality while assessing the scope of the published data, which is acknowledged to likely include all stolen information from the attack.

Description

In early November 2024, Kumla kommun experienced a significant cyberattack that compromised its IT infrastructure. The attack, occurring at the start of the week preceding November 4, allowed threat actors to access nearly all systems within the municipal environment, as confirmed by Kommundirektör Gunilla Mueller Prabin. Following the breach, the municipality took immediate containment measures by shutting down its entire IT network and transitioning to analog operations to prevent further unauthorized access. Attackers issued a ransom demand, though the specific nature of the compromised data remained unclear at this initial stage. The disruption forced municipal services to operate without digital systems, significantly impacting administrative functions and service delivery.

By November 15, Kumla kommun confirmed that a substantial volume of stolen data had been published on the darknet, likely representing all information exfiltrated during the attack. Municipal Director Gabriella Mueller Prabin acknowledged the severity of the incident, emphasizing the potential distress caused to employees and citizens by the exposure of sensitive data. The municipality reported the breach to the Swedish Authority for Privacy Protection (IMY), the Swedish Civil Contingencies Agency (MSB), and the Police, fulfilling regulatory obligations. Technical countermeasures included restricting external network connections to block attackers from stealing additional data. Recovery efforts progressed gradually, with the municipality announcing on November 15 that it had begun systematically restoring access to its systems while continuing to assess the full scope of the data exposure. The incident underscored operational vulnerabilities and highlighted the broader societal risks associated with municipal cyberattacks.