Sweden's data protection authority, IMY, has opened an investigation into a massive ransomware-related data breach that exposed personal information belonging to 1.5 million people. The breach originated from a cyberattack on IT provider Miljodata in August, which affected roughly 200 municipalities.

Hackers reportedly stole highly sensitive data, including names, medical certificates, and rehabilitation records, much of which has since been leaked on the dark web. Swedish officials have condemned the incident, calling it one of the country's most serious cyberattacks in recent years.

The IMY said the investigation will examine Miljodata's data protection measures and the response of several affected public bodies, such as Gothenburg, Älmhult, and Vastmanland. The regulator's goal is to identify security shortcomings for future cyber threats.

Authorities have yet to confirm how the attackers gained access to Miljodata's systems, and no completion date for the investigation has been announced. The breach has reignited calls for tighter cybersecurity standards across Sweden's public sector.