The browser you are using is not supported by this website. All versions of Internet Explorer are no longer supported, either by us or Microsoft (read more here: https://www.microsoft.com/en-us/microsoft-365/windows/end-of-ie-support).

Please use a modern browser to fully experience our website, such as the newest versions of Edge, Chrome, Firefox or Safari etc.

Update: Cyberattack on our system provider Miljödata has resulted in a data breach

På svenska
By webbansvarig [at] hr [dot] lu [dot] se (HR-sektionens webbansvarig) - published 5 September 2025
Hacker using computer virus for cyber attack. Mostphotos.

An investigation by Miljödata AB, the provider of the Adato system used by Lund University, has revealed that the group behind last week’s cyberattack on Adato managed to access certain information about all university employees. Former employees are also affected.

What information has the threat actor obtained?

The data accessed by the threat actor includes, among other things, personal identity numbers, names, addresses, contact details, and rehabilitation chain dates.

Miljödata clarifies that the breach does not involve information related to employees’ health (such as medical certificates and reasons for rehabilitation plans), union affiliation details, or notes made by managers.

What happens next?

The investigation into the cyberattack is ongoing, and Miljödata is keeping its customers continuously updated.

The University takes the situation very seriously and will take appropriate measures and share further information as more details become available.

The university will file a police report and will also update its previous notification to the Swedish Authority for Privacy Protection (IMY) based on the new information from Miljödata.

Pay extra attention

Given the current situation, we ask all employees to pay extra attention if you are contacted by people or companies that you have not been in contact with before or in a way that you do not usually contact each other.

This applies to phone calls, SMS, letters, and emails – both to your work-related and personal contact details. 

Read more about how to protect yourself here: 

Questions?
If you have any questions, please speak to your manager. If you are a manager, you can seek support from your HR function.

Background – What Has Happened Previously

Cyberattack on System Supplier

Lund University’s system supplier, Miljödata AB, was subjected to a cyberattack over the weekend of 23–24 August. Miljödata provides the Adato system to Lund University. Adato is primarily used to document and manage rehabilitation cases.

 To contain the cyberattack, Miljödata initially isolated its systems, which meant that their clients were unable to access Adato. At first, Miljödata found no signs that any data had been exfiltrated. They engaged external experts to investigate the incident and to restore the affected systems. Based on information from Miljödata, the university carried out a controlled restart of Adato on 1 September 2025.

Latest news

Link to RSS
All news
Last updated: 5 Sep 2025