A hacker group calling itself ByteToBreach has posted what it claims is source code stolen from CGI’s Swedish division, among the allegedly compromised systems: the codebase powering BankID logins for the Swedish Tax Agency.
It’s a ransacked filing cabinet inside the architecture of a country that digitized itself completely, then discovered the cost of doing so.
BankID is the single authentication layer Swedes use for nearly everything; government services, banking, digital signatures, and tax filings.
Over 8.6 million people in a country of just over 10 million run their digital lives through it. That’s a national dependency, a single point of failure dressed up as infrastructure modernization.
The dump appeared on Breached.
Journalists at Dagens Nyheter reviewed portions of the leaked material and reported finding source code, passwords, and encryption keys. Breached was taken offline over the weekend as part of a cybersecurity operation, limiting independent verification.
Also reportedly being sold separately: databases containing Swedish citizens’ personal data and electronic signature documents. The breach exposes a layered vulnerability.
CGI confirms it, but frames it narrowly
Hellbound and Down 