Sweden’s BankID breached by hacker group as gov’t prepares e-ID launch

Hackers have claimed they’re behind a breach linked to Sweden’s digital identity system, leaking code and credentials that could reveal how citizens authenticate into government services. It comes as Sweden gears up to launch a government e-ID in December.

The hacker group calls itself ByteToBreach and claims to have stolen a large dataset from CGI’s Swedish division, including source code reportedly used by public authorities.

Other databases containing personal data and electronic signature documents are allegedly being sold separately. One affected system is said to support BankID logins for the Swedish Tax Agency.

In a demonstration of the threats facing national digital public infrastructure, the incident throws an unfortunate spotlight on Sweden’s digital identity system. BankID is Sweden’s primary electronic ID, used daily by millions to access government portals, banks, payments and digital signatures.

The Swedish government is planning to launch Sverige-ID on December 1, 2026, giving both citizens and foreign residents an official alternative to the popular BankID, which was developed by Swedish banks as a digital identity service. The Sverige-ID will allow users to identify themselves, share information and provide e-signatures. The e-ID will also allow access to other EU countries’ digital services.

The hackers’ data dump appeared on the cybercrime forum Breached on Thursday night and was first reported by major Swedish newspapers Aftonbladet and Dagens Nyheter, reports Cybernews. Journalists at Dagens Nyheter reviewed parts of the leaked material, which they say include source code, passwords, and encryption keys. Cybernews could not independently verify the files, as the Breached forum was taken offline over the weekend by a cybersecurity initiative.

The Swedish Tax Agency sought to allay fears, saying there is no sign of direct impact. “We take all incidents seriously, but we don’t see anything that affects us right now,” said Peder Sjölander, the agency’s IT Director.

CGI later confirmed the breach. The company said attackers accessed a “limited number” of  internal test servers in Sweden. These servers were linked to a service used by a “limited number” of customers. CGI added that the intruders obtained an older version of the application’s source code and claims that production environments or operational data were not affected.

The breach nonetheless highlights the growing pressure on digital identity systems. BankID itself has been targeted before. Last year, a major DDoS attack knocked the service offline for hours, leaving more than 8.6 million users unable to log in to banks or send or receive money. Sweden’s population numbers just over 10 million.

The country has also faced a string of high‑profile cyber incidents. A Cybernews investigation uncovered a massive leak exposing over 100 million private records of Swedish citizens. IT supplier Miljödata suffered a ransomware attack that hit around 200 municipalities and regions, with personal data from 1.5 million people reportedly stolen. And Svenska kraftnät, the national electricity grid operator, confirmed a breach after the Russia‑linked Everest ransomware gang claimed to have siphoned hundreds of gigabytes of data.

With Sweden expanding digital public infrastructure and digital authentication for public and financial services, the resilience of its digital ID ecosystem is closely connected to national security as conversations around digital sovereignty also increase in urgency.

Article Topics

BankID  |  CGI  |  cybersecurity  |  digital ID  |  digital identity  |  e-ID  |  government services  |  Sweden