Tietoevry, a cloud hosting services provider, has fallen victim to a ransomware attack on one of its data centers in Sweden, impacting several customers and prompting store closures across the country. The attack, discovered over the weekend, involved the use of the Akira ransomware-as-a-service tools. While Tietoevry initially reported that the incident was confined to “one part of one of our Swedish data centers,” it did affect services for some of the company’s Swedish customers. Among those affected is Primula, a prominent payroll and HR company in Sweden, providing services to universities, government authorities, and various organizations.
Primula customers, including government entities like the Swedish State Service Centre (SSC), found services disrupted, preventing activities such as submitting personal leave and expenses requests. The SSC, responsible for managing administrative services, including payroll, for nearly 170 government agencies, stated that it has backup routines in place for such situations.
The attack’s impact extended to businesses in Sweden, with cinema chain Filmstaden and retailer Rusta reporting issues. Granngården, a retailer, announced the closure of its grocery stores across the country on Monday due to the ransomware attack.
Tietoevry took swift action, isolating the affected platform and launching an investigation to understand the full extent of the compromise. While the affected customers have been notified, the company has not disclosed whether any sensitive personal data was exfiltrated during the attack. The incident has raised concerns about the potential exposure of government payroll information, given the involvement of government payroll services provider Primula.
Tietoevry emphasized that the “security and continuity of our services is of utmost priority,” and it is treating the situation with the utmost seriousness. The company is working closely with internal staff and external specialists to investigate the incident, which has been reported to the police.
The restoration process is ongoing, and Tietoevry is collaborating with affected customers to address their specific needs. The incident has led to questions about the security measures in place, particularly as Tietoevry outsources its IT and HR services to Civica through the East Kent Services partnership. Civica, which collects revenues, benefits, customer services, and debt collection services for the affected councils, has not provided comments on the incident.
The impact of the attack on services and the potential exposure of sensitive information highlight the challenges organizations face in maintaining robust cybersecurity measures, especially when outsourcing critical services to third-party providers. The incident reinforces the need for businesses to prioritize cybersecurity and engage in proactive measures to mitigate the risk of ransomware attacks and other cyber threats.