Hackers have claimed to have breached CGI Sweden, the Swedish division of CGI, a global IT and consulting services company, and accessed data related to systems used by public sector services, including infrastructure connected to BankID.
The claims were published by a threat actor group identifying itself as ByteToBreach. The group said it had obtained a dataset from CGI’s systems and shared samples online. According to the post, the data includes source code, credentials, and technical information associated with systems used by Swedish government services.
Among the systems referenced is infrastructure linked to the Swedish Tax Agency that supports BankID authentication. BankID is a digital identification system widely used in Sweden for accessing online banking, government services, and other digital platforms that require identity verification.
Swedish media outlet Dagens Nyheter reported that it reviewed portions of the dataset. According to the report, the material includes source code as well as passwords and encryption keys tied to the affected systems. The outlet said the data appears to relate to software used in connection with public sector services.
The full extent and authenticity of the dataset have not been independently verified. The forum where the data was initially shared was later taken offline, limiting the ability of researchers to examine the material in detail.
CGI said it identified a security incident involving its internal environment and launched an investigation. The company stated that the issue was limited to two internal test servers rather than production systems used by customers. According to CGI, the affected servers contained an older version of an application along with related source code.
The company said it has found no evidence that production environments or customer data were impacted by the incident. CGI also stated that services used by clients, including those linked to government operations, remain unaffected.
The Swedish Tax Agency said there was no immediate impact on its services following the reported incident. Authorities in Sweden have opened an inquiry to assess the situation and determine whether any sensitive systems or data were exposed.
Officials have not confirmed whether the alleged breach resulted in unauthorized access to live systems or personal information. The investigation is ongoing, and further details have not been disclosed.