TLDR
- Sweden investigates claims that hackers leaked source code tied to e-government systems.
- CGI Sverige says the exposure involved two internal test servers in Sweden.
- Authorities and CERT-SE are reviewing the incident and verifying the leaked data.
- Threat actor ByteToBreach claims responsibility for releasing the files online.
Swedish authorities are investigating a reported leak involving the country’s e-government platform after hackers claimed they released source code and related files online. The platform supports many public digital services used across Sweden.
Reports from cybersecurity accounts on X and local media said a threat actor called ByteToBreach published files linked to CGI Sverige. The company operates as the Swedish subsidiary of global IT firm CGI Group and works with government digital systems.
🚨Cyber Alert ‼️
🇸🇪Sweden – 𝗖𝗚𝗜
ByteToBreach claims to have breached CGI, allegedly accessing Sweden’s e-government source code and citizen PII databases after compromising a Jenkins environment.
Threat actor: ByteToBreach
Sector: ICT
Data exposure (claimed): Not specified… pic.twitter.com/PZDok5LdzC— Hackmanac (@H4ckmanac) March 13, 2026
CGI said its cybersecurity team detected an incident involving two internal test servers in Sweden. The company stated that these servers were not connected to production environments.
According to the company, an older version of an application and its source code were accessible through the affected servers. CGI also said there was no sign that operational services or customer production data were exposed.
Authorities and contractor review the incident
Sweden’s civil defense minister Carl-Oskar Bohlin confirmed that a cybersecurity incident occurred. Government agencies are working with national cybersecurity teams to assess the situation.
Authorities are coordinating with CERT-SE and the National Cyber Security Center during the investigation. The review focuses on identifying those responsible and verifying the contents of the reported leak.
CGI spokesperson Agneta Hansson told Swedish outlet Aftonbladet that the company’s analysis found only outdated software versions on the affected systems.
“An older application version and its source code were accessible,” Hansson said. She added that there was no indication that production services were affected.
Sweden relies widely on digital government services. Eurostat data shows that about 95 percent of the country’s 10.7 million residents used e-government platforms in 2024.
Hackers claim release of files linked to government systems
The threat actor ByteToBreach said it uploaded folders connected to the platform. Threat intelligence researchers reported that the shared files appear to include source code and configuration materials.
Screenshots shared online show directories that appear linked to development systems. Some reports suggest that the dataset could include internal documents and technical files.
Certain reports also mention internal staff databases and documents tied to electronic signing systems. Authorities have not confirmed the full contents of the material.
IT security expert Anders Nilsson said the leaked resources appear authentic based on early checks. “Source code for several programs seems to exist, and from what I can see, the hack looks genuine,” Nilsson said in comments to SVT.
Security researchers said leaked source code may allow attackers to study system design and search for weaknesses. Authorities continue to analyze the incident as the investigation moves forward.
