Follow-up on IT Incident – Data from Linnaeus University has unfortunately leaked
On 16 August, Miljödata AB and their system Adato were subjected to a cyberattack. Linnaeus University uses Adato to document long-term sick leave and rehabilitation cases. At the time, Miljödata informed us that no personal data from the university had been exposed in connection with the attack.
Miljödata has now informed us that this was incorrect and that certain data from Linnaeus University has, in fact, leaked. This concerns personal data for 3,590 individuals.
Unfortunately, this means that employee ID numbers, phone numbers, email addresses, names, postal addresses, and personal identity numbers have been leaked for all employees with monthly salaries. This also includes former employees. Data for hourly-paid employees has not been leaked.
For 170 individuals, information has leaked indicating that they have or have had extended periods of sick leave. However, no information or notes regarding the actual rehabilitation or sick leave cases themselves have been leaked. Affected individuals have received direct emails from the Data Protection Officer.
We want to emphasize that no data regarding medical certificates, treatment plans, or other health-related information has been leaked.
If you have questions regarding the incident, please contact the HR department at hr@lnu.se
If you have questions about the processing of personal data, you can contact Linnaeus University's Data Protection Officer at dataskyddsombud@lnu.se
Linnaeus University is the data controller for the processing carried out in Adato and is closely following Miljödata’s investigation and security efforts for continued operations. We regret that external parties have been able to access this data due to the attack.
Fact Box: Stay Alert
Due to the current situation, anyone affected is urged to be extra cautious if contacted by individuals or companies you haven’t previously interacted with, or if the contact occurs in an unusual manner. This applies regardless of whether the communication is via phone call, SMS, letter, or email—both to your work-related and private contact details.
-
Do not click on links or open attachments you don’t trust.
-
Do not disclose sensitive information such as passwords, banking or card details, etc.
If you suspect someone is attempting to use your personal data, contact the police at 114 14.
If you receive suspicious emails or spam through contact details linked to your work at Linnaeus University, report it to: it-support@lnu.se
There may be a risk of identity theft and fraud attempts. The following pages offer advice on prevention and what actions to take if it happens: