From SportAdmin to the Swedish Church
This is part 1 of a 3-part series on database protection.
According to Splunk's survey "State of Security 2024", the share of companies that had their data and systems held hostage rose from 35% in 2022 to 42% in 2024. Antagonistic threat actors are multiplying, employing advanced tactics like double-extortion ransomware and data leaks to pressure victims, while also being empowered by AI tools.
They are expected to increase even further in the coming years, and high-profile incidents in Sweden – from sports apps to municipalities and even the Swedish Church – highlight the urgency of robust database protection.
SportAdmin, Kumla Municipality, and the Swedish Church – three very different types of organizations – were all victims of ransomware attacks that have had severe consequences.
What is SportAdmin? SportAdmin is a sports club management platform widely used by youth and adult associations in Sweden.
What happened? In January 2025, SportAdmin suffered a major data breach. The attack was discovered when the system had to be shut down, and personal data had likely been leaked.
Consequences: Approximately one million users were potentially affected. Names, contact details, and other personal information may now be in criminal hands. The threat actor behind the breach, identified as "RansomHub," claimed to have leaked 300 GB of stolen data. According to the newspaper Dagens Nyheter, the leak includes a number of people with protected information, including a Swedish politician who lives at a secret address with a protected identity. RansomHub initially demanded a ransom in exchange for not releasing the data on the darknet, but SportAdmin didn't budge. When the company didn't pay, the hackers changed tactics and started an auction on their site in an attempt to sell the data.
What is Kumla Municipality? Kumla Municipality is a local government entity in Sweden, responsible for public services and administration.
What happened? In November 2024, Kumla Municipality was targeted by a ransomware attack carried out by Hunters International, suspected to have Russian origins.
Consequences: Despite containment efforts, a large volume of stolen municipal data was leaked on the darknet within two weeks. The breach likely exposed sensitive municipal records, as well as personal data of employees and residents. Systems remained offline for days, forcing the municipality to rely on manual fallback routines to continue services.
What is the Swedish Church? The Church of Sweden is one of the country's largest organizations, serving millions of members.
What happened? On November 23, 2023, the Swedish Church was hit by a ransomware attack orchestrated by BlackCat. Church leaders decided not to pay the ransom.
Consequences: By May 2024, approximately 2.3 million stolen files had been published on a criminal darknet platform, originating from around 3,100 employee computers, about 10% of the Church's endpoints. An analysis revealed that 85% of the files were system or junk data, but hundreds of thousands of potentially sensitive documents were still exposed, including emails, working documents, and personal information of staff, volunteers, and members.
There are hundreds of millions of cyberattacks reported globally each year. But the pattern is clear: no sector is safe. Whether private companies, municipalities, or major organizations, all are vulnerable to cyberattacks that can disrupt operations, expose sensitive data, and damage trust. Attackers don't discriminate – they exploit weaknesses wherever they find them.
Looking at the above cases, a natural question arises: could better security have prevented these attacks or reduced their impact? In many respects, yes. While no strategy is foolproof, there are several data protection measures that significantly lower the odds of a breach or leak. It's about layering defenses to address different threat vectors: protecting data confidentiality, detecting intrusions early, limiting what attackers can do if they get in, and maintaining data integrity. We will provide a full guide in part 3 of the series, including all the essentials for how to protect your databases.
Strong encryption for data at rest and in transit doesn’t stop breaches but makes stolen data useless without the keys. Even if attackers exfiltrate database files, encryption ensures they get gibberish. Had Sweden’s recent breaches involved encrypted records, the stolen data would have been far harder to exploit. Security frameworks and regulations mandate encryption for good reason – it’s a last line of defense.
Detailed audit logs track who accessed what data and when. Monitoring these logs allows for quick detection of suspicious activity, reducing response time during an attack. If malware or an access broker starts probing your server, proper logging with alerts can tip off admins before major data exfiltration occurs.
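As an added illustration of the log monitoring described above (example code written for this page, not DB24's implementation), the following sketch scans audit records for two signals: an account reading a table it has never used before, and an account reading far more rows than usual within a short window. The log format, account names, table names and threshold are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed audit records: ISO time, account, action, table, rows returned.
SAMPLE_LOG = """\
2025-01-10T09:00:05 app_reader SELECT members 40
2025-01-10T09:12:41 app_reader SELECT members 55
2025-01-10T09:30:02 report_svc SELECT invoices 300
2025-01-10T23:58:10 app_reader SELECT members 48000
2025-01-10T23:59:30 app_reader SELECT members 51000
2025-01-11T00:01:12 app_reader SELECT protected_identities 900
2025-01-11T00:03:00 report_svc SELECT invoices 280
"""

# Constructed baseline: tables each account normally touches.
BASELINE = {"app_reader": {"members"}, "report_svc": {"invoices"}}

def parse(log_text):
    for line in log_text.splitlines():
        ts, user, action, table, rows = line.split()
        yield datetime.fromisoformat(ts), user, action, table, int(rows)

def detect(log_text, baseline_tables, row_limit, window=timedelta(minutes=10)):
    """Return alerts for unfamiliar tables and bulk reads in a sliding window."""
    alerts, recent = [], defaultdict(list)
    for ts, user, action, table, rows in parse(log_text):
        if table not in baseline_tables.get(user, set()):
            alerts.append((ts.isoformat(), user, "new-table", table))
        # Keep only this account's events inside the window, then total the rows.
        recent[user] = [(t, r) for t, r in recent[user] if ts - t <= window]
        recent[user].append((ts, rows))
        total = sum(r for _, r in recent[user])
        if total > row_limit:
            alerts.append((ts.isoformat(), user, "bulk-read", total))
    return alerts
```

Calling `detect(SAMPLE_LOG, BASELINE, row_limit=10000)` flags only the late-night activity of `app_reader`; the routine daytime reads stay silent.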
Assume breaches will happen. The principle of least privilege (POLP) limits damage by restricting users, applications, and processes to only the access they need, nothing more. A read-only user shouldn't have write access. A service account pulling records shouldn't be a server admin. Segmenting databases and auditing permissions ensures no single account has full control. This slows attackers down, keeping breaches contained.
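A permission audit of the kind described above can be expressed as three rules over an inventory of grants. This is an added example, not code from DB24; the account names, account kinds, privilege labels and database names are constructed, and a real audit would read them from the database engine's own catalog.

```python
# Constructed inventory: account -> kind, plus grants as (account, privilege, database).
ACCOUNTS = {"web_ro": "read-only", "etl_svc": "service", "dba_anna": "admin"}
GRANTS = [
    ("web_ro", "SELECT", "members"),
    ("web_ro", "UPDATE", "members"),
    ("etl_svc", "SELECT", "members"),
    ("etl_svc", "SERVER_ADMIN", "*"),
    ("dba_anna", "ALL", "members"),
    ("dba_anna", "ALL", "billing"),
]
DATABASES = {"members", "billing"}
WRITE = {"INSERT", "UPDATE", "DELETE", "ALL"}

def audit(accounts, grants, databases):
    """Return (account, finding) pairs for grants that break least privilege."""
    findings, full = [], {}
    for acct, priv, db in grants:
        kind = accounts[acct]
        # Rule 1: a read-only account must not hold any write privilege.
        if kind == "read-only" and priv in WRITE:
            findings.append((acct, f"write privilege {priv} on {db}"))
        # Rule 2: a service account must not be a server admin.
        if kind == "service" and priv == "SERVER_ADMIN":
            findings.append((acct, "service account holds server admin"))
        # Track which databases each account fully controls ("*" means all).
        if priv in {"ALL", "SERVER_ADMIN"}:
            full.setdefault(acct, set()).update(databases if db == "*" else {db})
    # Rule 3: no single account should have full control of every database.
    for acct, dbs in full.items():
        if dbs == databases:
            findings.append((acct, "full control of every database"))
    return findings
```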
Attackers may steal, alter, or corrupt data – sometimes unintentionally. Data integrity measures catch corruption early, whether from an attack or system failure. Regular consistency checks ensure data remains accurate. If ransomware encrypts records, integrity checks help pinpoint affected data, making recovery more precise.
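One way to pinpoint affected records, shown here as an added example rather than the method of any product named on this page, is to keep a keyed digest of every row from a known-good point in time and compare it against the live table. The table schema, the key and the simulated damage are constructed assumptions; in practice the key and the baseline manifest are stored away from the database host.

```python
import hashlib
import hmac
import sqlite3

KEY = b"constructed-demo-key"  # assumption: held outside the database host

def row_digest(row):
    """HMAC-SHA256 over all fields, length-prefixed so field boundaries matter."""
    h = hmac.new(KEY, digestmod=hashlib.sha256)
    for field in row:
        data = field if isinstance(field, bytes) else str(field).encode()
        h.update(len(data).to_bytes(4, "big") + data)
    return h.hexdigest()

def manifest(conn):
    """Map primary key -> digest of the full row."""
    rows = conn.execute("SELECT id, name, email FROM members ORDER BY id")
    return {r[0]: row_digest(r) for r in rows}

def compare(baseline, current):
    """Report which primary keys changed, disappeared or appeared."""
    return {
        "changed": sorted(k for k in baseline
                          if k in current and baseline[k] != current[k]),
        "missing": sorted(k for k in baseline if k not in current),
        "added": sorted(k for k in current if k not in baseline),
    }

def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE members (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO members VALUES (?, ?, ?)",
        [(i, f"member{i}", f"member{i}@example.org") for i in range(1, 7)],
    )
    baseline = manifest(conn)  # taken while the data is known to be good
    # Constructed damage: two rows overwritten with opaque bytes, one row deleted.
    conn.execute("UPDATE members SET name = ?, email = ? WHERE id IN (2, 5)",
                 (b"\x8f\x1c\xe2", b"\x07\xaa\x93"))
    conn.execute("DELETE FROM members WHERE id = 6")
    return compare(baseline, manifest(conn))
```

The result names exactly the rows to restore from backup, so recovery does not have to replace the whole table.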
We founded DB24 with the belief that many database disasters (breaches, downtime, data loss) can be prevented by eliminating human error and catching issues early – through intelligent automation. By automating routine DBA tasks and continuously monitoring the database environment, DB24 frees up your team and ensures nothing slips through the cracks. Mundane but critical chores like backups, index maintenance, consistency checks, permission audits, and patching can all be handled by DB24's system – which means they are done on time, every time, without fail.
Don't wait for the next breach to take action. Book a demo with DB24 to see how our platform can secure your databases against the evolving threat landscape and keep your data safe for years to come.