In the first phase, the only noticeable problem was that card payments in stores did not work. A total of 62 stores in the area were affected. And with only days left until Christmas, the stores were forced to take payment with only swish and cash.
Coop Värmland immediately reported the incident to the police, and found that the store chain had been subjected to a cyber attack of a so-called ransom nature, i.e. that the purpose was financial extortion.
"It was a criminal hijacking of our systems," says Klas Olsson, Head of Communications at Coop Värmland.
Employees' passports were posted on the dark web
But the hacker group didn't stop there. Now, a handful of employees' personal data has been published on the dark web. These are photos of passports and ID cards. It is still uncertain exactly how many people's data was stolen in the attack. In total, the amount of stolen data amounts to 257 gigabytes, according to the hacker group.
Coop Värmland contacted the affected employees as soon as they became aware of the leak.
Klas Olsson emphasizes that the systems that have been hacked only affect employees. The systems have no connection to bank cards or accounts, neither for customers nor employees.
"Our customers are not affected by this hijacking. That part is assured.
"The hatches are closed"
External experts are in the process of checking Coop's systems, but according to Klas Olsson, the gaps that allowed the hacker group through are now closed.
"We don't know where this attack is coming from, but we're doing everything in our power, and we're going to fix this. That's what we've decided to do," says Klas Olsson.
SVT has contacted the Bergslagen police region, which could not answer questions about the case.