Need help?

Do you feel unsure or have any questions? Contact me or any of my colleagues and we'll help you.

+46 524 103 50

Executive summary – Data Breach

On August 19, 2024, an incident occurred where data from SMS-Teknik was accidentally exposed on the internet during a routine exercise to restore a copy of the production database. The exposure lasted for 19 minutes and resulted in the deletion of the copy, as well as a ransom note being left by the attackers who gained access to the system.

SMS Teknik shut down the exposed computer as soon as the intrusion was discovered. The incident has been reported to the Swedish Authority for Privacy Protection (IMY) and the Police, and our customers have been informed. A forensic investigation, in collaboration with an external party, has been conducted.

The investigation shows that the 19 minutes the attackers had access to the system were not sufficient to download all the data. Only a limited amount of data was taken with the intent of carrying out a ransom campaign.

Since the incident, SMS Teknik has implemented extensive security measures to minimize the risk of future data breaches. We deeply regret the concern and inconvenience this incident may have caused our customers. We also want to thank you for the support we have received during this time.

Frequently asked questions

Can the attackers log in to our customers’ accounts and send SMS messages?
User IDs and passwords are encrypted, and according to the forensic report, fewer than 100 out of 11,000 accounts were accessed. Most of our customers have now changed their passwords, which prevents the attackers from sending SMS from customers’ accounts. Additionally, our customers’ messages are protected by our Spam-alert system, which blocks SMS that deviate from their usual patterns.

Have SMS messages containing sensitive personal data been stolen?

According to our forensic report, only a small number of SMS messages, fewer than 100 out of a total of 70 million, were exposed. Our customers typically do not send sensitive personal information; in such cases, the purpose of the SMS message is to prompt someone to log in to the customer’s portal.

Sharing is caring!

Fler inlägg:

JSON API

We are excited to announce that we now offer a JSON API! With this new API, you can easily and seamlessly integrate our service into your own systems and applications to streamline your operations.

Full story

SMS Teknik continues to deliver security and quality with ISO-certifications

We are pleased to announce that SMS Teknik remains certified according to ISO 27001 and ISO 9001, now upgraded to the latest standard ISO 27001:2023 and recertified according to ISO 9001:2015

Full story
All posts