Gunnebo security blueprints leak
Attackers breached Swedish physical-security firm Gunnebo, stole 19 GB of data, and after the company refused to pay, leaked bank-vault floor plans, alarm schematics, and security arrangements for high-value clients including a Swedish parliament building.
- Victim
- Gunnebo Group
- records
- 38.0K
In August 2020, Gunnebo Group — a Swedish firm specialising in physical security, including bank vaults, secure storage, and entrance-control systems — was breached by a ransomware crew. When Gunnebo refused to pay, the attackers published roughly 19 GB of its most sensitive files, turning a corporate breach into a physical-security crisis for some of Europe's most heavily guarded sites.
What happened
The compromise had a long fuse. As early as March 2020, security journalist Brian Krebs warned Gunnebo that hackers had penetrated its network and were selling access to a ransomware gang. The major intrusion followed in August 2020, a "highly organised attack" that Gunnebo reported to the Swedish Security Service (Säpo).
The attackers, identified as the Mount Locker ransomware group, demanded a ransom in bitcoin. Gunnebo's management — under CEO Stefan Syrén — refused to pay. In retaliation, the group carried out a double-extortion leak, uploading around 38,000 stolen files to a public dark-web server in October 2020.
Impact
Because of Gunnebo's business, the stolen documents were extraordinarily sensitive — not personal data, but the physical-security blueprints of its clients:
- Floor plans and security arrangements for bank vaults at multiple banks, including German banks and a Swedish branch of SEB.
- Alarm-system and surveillance-camera documentation for client facilities.
- Confidential plans related to the Swedish Tax Agency's new offices and security arrangements connected to Swedish parliamentary premises.
The leak effectively handed criminals a roadmap to the alarms, cameras, and vault layouts of high-value targets — information that could enable physical break-ins long after the digital breach.
Why it matters
Gunnebo is a stark example of how a data breach can become a physical-world threat. For most victims, leaked data risks fraud or privacy harm; for a physical-security vendor, leaked blueprints risk bank heists and intrusions into government buildings. The incident underscored that companies holding third-party security designs are high-value targets whose breaches imperil their clients, not just themselves. It also became an early, vivid case study in the double-extortion ransomware model that came to dominate the threat landscape, where refusal to pay is punished by publishing the most damaging data the attackers can find.
Timeline
KrebsOnSecurity alerts Gunnebo that hackers have compromised its network and sold access to a ransomware group.
Attackers execute a highly organised intrusion against Gunnebo's servers; the incident is reported to Sweden's security service Säpo.
The Mount Locker ransomware group demands a bitcoin ransom; Gunnebo's management refuses to pay.
Around 38,000 files (~19 GB) are published on the dark web, including bank-vault plans and client security arrangements.
Media report the leak, exposing security blueprints of Gunnebo's high-value clients.
Sources
- krebsonsecurity.comhttps://krebsonsecurity.com/2020/10/security-blueprints-of-many-companies-leaked-in-hack-of-swedish-firm-gunnebo/
- infosecurity-magazine.comhttps://www.infosecurity-magazine.com/news/hackers-leak-swedish-security/
- cpomagazine.comhttps://www.cpomagazine.com/cyber-security/security-blueprints-of-heavily-guarded-companies-leaked-after-ransomware-attack-on-swedish-firm/
- hackread.comhttps://hackread.com/mount-locker-ransomware-group-gunnebo-ab-data/