A hacker group called ByteToBreach has leaked sensitive information from a government IT system on the darknet. The leak includes source code, passwords, and personal data from a platform managed by IT consultant CGI Sweden. Authorities like Cert-SE confirm they are aware of the reports but decline to comment.
On the evening of Thursday, March 12, 2026, large amounts of sensitive information were posted on the darknet, according to reports from Dagens Nyheter, Expressen, and SVT Nyheter. The data stems from a breach at IT consultant CGI Sweden, which manages critical digital services for Swedish authorities. The hacker group ByteToBreach claims responsibility, stating they exploited flaws in the digital infrastructure.
The leaked material includes the full source code for Sweden's e-government platform, email passwords, personnel data, configurations for an e-signature portal, and a representatives' register. The platform is used for digital identity management, including BankID logins for agencies like Skatteverket. The group has made the source code available for free download, while databases containing personal data on Swedish citizens and electronic signing documents are sold separately.
The leak was reported by the site Darkwebinformer and the cybersecurity account International Cyber Digest. Cyber Digest describes it as ”a serious exposure of the trust anchors and identity solutions that power Sweden's digital state.” ByteToBreach is also suspected in a prior breach at Viking Line, where passenger data was leaked.
Cert-SE, tasked with preventing IT security incidents under MSB, confirms: ”We are aware of the reports but cannot comment at this time.” DN has reviewed the alleged leak and published details on how the breach was carried out on a cybercriminal forum. CGI Sweden has been sought for comment.
