Swedish occupational pension provider SH Pension has confirmed that customer data has been stolen after it was hit by a cyber-attack.

In a statement on its website, the pension provider said the incident happened on 17 July 2024.

“We can confirm that the threat actor has gained access to some of our customers' personal data. We take the incident seriously and have quickly taken additional security measures,” SH Pension said.

The pension provider said that as soon as the breach was detected, it isolated and immediately addressed the vulnerability. The personal data breach has been reported to the Swedish Data Protection Authority, the police and the Swedish Financial Supervisory Authority. SH Pension is also contacting affected customers in accordance with EU Data Protection Regulation.

Cyber risks are taking greater prominence amongst IORPs with the European Insurance and Occupational Pensions Authority’s (EIOPA) recent IORP Risk Dashboard finding an increasing risk outlook for digitalisation and cyber risks over the next 12 months.

“We take very seriously the fact that an unauthorised threat actor has gained access to our customers' personal data and are constantly working to maintain the highest level of security and good preparedness to handle cyber-attacks,” SH Pension said.

However, it confirmed that customer pension capital and pension payments have not been affected by the cyber-attack. Furthermore, the hacker will not be able to use the data to legitimise itself with SH Pension, request information or dispose of an insurance policy as this requires legitimisation with BankID.

Its statement also reassured customers that they do not need to take any action because of the incident. However, it urged them to exercise general caution regarding fraud and to be vigilant if someone unknown asks for their data.

European Pensions has contacted SH Pension for further information on the cyber-attack.

---