Cyber Risk

Customer information from Swedish security firm Gunnebo leaked by hackers

STOCKHOLM (Reuters) - Swedish security firm Gunnebo said on Tuesday it was in contact with customers after hackers had released sensitive information about their accounts after its system was compromised two months ago.

FILE PHOTO: A man types on a computer keyboard in this February 28, 2013 illustration file picture. REUTERS/Kacper Pempel/File Photo

Gunnebo said in August that it had reported an attack against its servers to the Swedish Security Service, after external IT-forensics had concluded that the attack was well organised.

Three security experts told Reuters that large amounts of leaked data was available for download on the dark web in a 18-gigabyte file, after Swedish daily Dagens Nyheter (DN) first reported on Tuesday that information had been released by hackers.

DN said data released included information about security measures for the Swedish parliament.

One page hosting the download link to the leaked data put up by hackers and seen by Reuters showed a summary of the content, which included details on Gunnebo’s financial information, banking details and passwords and details of customer transactions.

Gunnebo makes entrance control systems for buildings including offices and airports.

“What has happened is very unfortunate. We have been exposed to very serious crime,” CEO Stefan Syren told Reuters by phone. “My assessment is that we have had a good level of security but we need to become excellent,” he said, adding the firm had engaged an external team to improve the IT structure, among other things.

DN said the material was uploaded on a public server during the second half of September. Syren said the attack began on Aug. 18 and the company had a first indication on Sept. 25 that the data would be released on a public server but had had no contact with the hackers.

Security experts said the hack was part of a ransomware operation called “Mount Locker” where hackers attack corporate systems, lock up computer files and encrypt them, blocking access until a ransom is paid, usually in cryptocurrency like bitcoin.

The hackers had 38,000 files from the Swedish company, with information about customers worldwide, including the protection of the Swedish parliament and drawings of bank vaults, DN reported here.

“We are going through the material now and in those cases where information is sensitive we make contact with the customer,” Syren told DN.

Gunnebo is currently fielding a bid from investment company Stena Adactum and private equity firm Altor that values Gunnebo at around 2.4 billion Swedish crowns.

German conglomerate Thyssenkrupp was also a victim of a similar ransomware attack in August. Thyssenkrupp’s system engineering in North America received a ransomware threat, a spokeswoman said. “The company identified and resolved the threat shortly after it was discovered,” she said.

In 2017, the WannaCry ransomware attack disrupted hospitals and businesses across the world.

“If a company has been attacked by ransomware, you should already assume that data was exfiltrated before that,” a security researcher said. “And when that happens, it’s already too late to really do anything but damage control.”

The U.S. Treasury said here this month that facilitating ransomware payments to sanctioned hackers may be illegal, signalling a crackdown on the fast-growing market for consultants who help organizations pay off cybercriminals.

Reporting by Helena Soderpalm and Supantha Mukherjee; Editing by Susan Fenton