Important information

Early in the morning of September 27, we discovered that Aktieinvest had been subjected to a ransomware attack. On this page you can find information about what this means for you as a customer.

The cyber attack that Aktieinvest was subjected to on Monday September 27th meant that we immediately shut down the opportunity for customers to access the trading platform and other services.

After an extensive analysis, we were able to safely open up trading on Wednesday, September 29, first by phone and then later in the week, on Friday, also the digital login with BankID.

Please rest assured that your assets, such as shares, funds, options, cash, etc. are not affected by this infringement.

The crime that Aktieinvest has been subjected to is highly prioritized by the authorities and the cooperation between Aktieinvest, the police, the Swedish Financial Supervisory Authority, the Swedish Authority for Privacy Protection, and experts in cyber security continues to investigate the incident. 

We are here to answer any questions you may have. You can reach us by phone or read more in our FAQ below.

+46(0)8 506 517 00

For questions regarding corporate actions:

+46(0)8 506 517 95

Updates

2021-10-20 – 10:09

Since the attack, we have had a continuous update about the course of events on this page. We now have full focus on the way forward for Aktieinvest and our customers and continue to work with various consequence mitigation measures. Therefore, we no longer see the need to update this page on an ongoing basis.

It is extremely important for us to understand how our customers have experienced Aktieinvest’s handling of what happened and how we can improve in the future in relation to our customers. Therefore, we will send out an evaluation in the next few days where they will have the opportunity to give us feedback.

2021-10-10 – 21:10 (Updated: 2021-10-14 – 14:10)

We know that the threat actor has come across a very small part of the data that has been on our internal servers and has threatened to leak this data. Now the threat actor has realized the threat and leaked the stolen data. This threat actor is well-established and has previously attacked 130 other companies where they encrypted and stole data which they then leaked.

As for the attack on us at Aktieinvest, information that has been provided in connection with you becoming a customer with us may have been leaked. The information we have identified so far shows that the threat actor has released the following types of information that affect some of our customers:

  • Personal information, such as names, social security numbers, contact information and in some cases PEP-information
  • Economic and financial information

The information that has been stolen comes from our administrative systems. Our trading platform is completely unaffected.

Our customers assets, such as shares, funds, options, cash, etc. are not affected by this infringement.

This is what we are doing to limit the information from spreading and to protect you as a customer:

  • All usernames and passwords are unusable – the option to log in with a username and password is currently not available as an option on the website.
  • We are reviewing how we can once again have several secure login options in addition to BankID.
  • Further strengthened identity control for incoming calls.

The crime that Aktieinvest has been subjected to is highly prioritized by the authorities and the cooperation between Aktieinvest, the police, the Swedish Financial Supervisory Authority, the Swedish Authority for Privacy Protection, and experts in cyber security continues to investigate the incident. 

Since these attacks unfortunately occur and are becoming increasingly more common, we want to take the opportunity to inform about how you as an individual can protect yourself:

  • Change your passwords regularly.
  • Have secure password management.
  • Do not give away your BankID to strangers that call you.
  • Keep in mind that Aktieinvest will never call and ask for your login information over the phone.

There is a risk that a threat actor will try to use personal data for further fraud attempts. Therefore, remember to never identify yourself with BankID if an unknown person calls you or via an unknown link in an email. Where possible, you should always use two-factor authentication for your login and it is important to change your passwords regularly.

Read more advice on how you as an individual can protect yourself on:

https://www.msb.se/tanksakert/

https://sakerhetskollen.se/

Do you have any questions? Please contact our customer service at +46(0)8 506 517 00.

2021-10-10 – 11:20

Due to the attack we were subjected to, we unfortunately have to inform that a criminal actor has chosen to publish a small part of Aktieinvest’s and our customers’ data. We fully understand that this raises questions and we are doing what we can to keep you informed and answer your questions via our informational page and customer service.

This is what we are doing to limit the damage:

  • We have set aside resources to analyze the leaked data and will return as soon as possible with more information.
  • All usernames and passwords are unusable – the option to log in with a username and password is currently not available as an option on our website.
  • We are reviewing how we once again can have several secure login options in addition to BankID.
  • Further strengthened identity control for incoming calls.

The incident has been reported to the police and other authorities.

2021-10-07 – 17:07

In connection with the type of attack that Aktieinvest has been subjected, the perpetrator often has two ways of exercising extortion: by encrypting data, and by exfiltrating data, which means that they take sensitive data with the possibility of publication.

In this case, we know that the perpetrator has encrypted the data that we have stored in our administrative environments, while the trading platform itself is completely unaffected. We now know that the perpetrator has accessed a very small part of the data that was on our internal servers.

Despite a thorough and comprehensive investigation by authorities and experts in cyber security, we cannot currently see which information the threat actor has stolen. Examples of information that may be the subject of theft is information such as names, social security numbers, contact information as well as historical economic and financial information from our administrative systems.

Our customers assets, such as shares, funds, options, cash, etc. are not affected by this infringement.

We have taken the following measures:

  • All usernames and passwords are unusable – the option to log in with a username and password is not available as an option on the website.
  • We are reviewing which secure services are available as a complement to BankID.
  • We will do our best to get a hold of more information and as soon as we know more, we will inform about it.
  • Further strengthened identity control for incoming calls.

The crime that Aktieinvest has been exposed to has a high priority with the authorities and the cooperation between Aktieinvest, the police, the Swedish Financial Supervisory Authority, the Swedish Authority for Privacy Protection, and experts in cyber security continues to investigate the incident.

Since these attacks unfortunately occur and are becoming more common, we want to take the opportunity to inform about how you as an individual can protect yourself:

  • Change your passwords regularly.
  • Have secure password management.
  • Do not give away your BankID to strangers that call you.
  • Keep in mind that Aktieinvest will never call and ask for your login information over the phone.

There is a risk that a threat actor will try to use personal data for further fraud attempts. Therefore, remember to never identify yourself with BankID if an unknown person calls you or via an unknown link in an email. Where possible, you should always use two-factor authentication for your login and it is important to change your passwords regularly.

Read more advice on how you as an individual can protect yourself on:

https://www.msb.se/tanksakert/

https://sakerhetskollen.se/

Do you have any questions? Please contact our customer service at +46(0)8 506 517 00.

2021-10-06 – 09:43

Now we have solved the problem that caused difficulties for some of our customers to log in to our trading platform with BankID on their mobile.

2021-10-05 – 15:49

The attack that Aktieinvest was subjected to is a so-called ”Ransomware as a service attack”, with a virus called Lockbit 2.0. The virus attacked our administrative working tools and left the trading platform completely unaffected. As soon as we ensured that the platform was not affected, we were therefore able to open the login to our trading platform again.

Nothing in the trading platform has been affected, which means that you can feel confident that your assets such as shares, funds, options, cash, etc. with us have not been affected by what happened.

This type of threat actor also works with data theft. Therefore, in parallel with ensuring a secure login for our customers, we have also worked to identify whether a data theft has occurred and what information might be affacted. It has now been confirmed that data has been stolen during the attack and we therefore want to inform you as a customer about it.

The data that has been stolen amounts to a very small part of our total amount of data. We are currently working hard to identify exactly what information the threat actor has stolen. We will inform our customers about this as soon as possible.

We fully understand and respect any concerns that this may cause. We are currently working around the clock together with recognized experts in cyber security, and in close collaboration with the police, the Swedish Financial Supervisory Authority and the Swedish Authority for Privacy Protection. You are welcome to contact our customer service with your questions.

2021-10-05 – 11:45

The crime that Aktieinvest has been subjected to has a high priority with the authorities and the cooperation between Aktieinvest, the police, the Swedish Financial Supervisory Authority, the Swedish Authority for Privacy Protection and experts in cyber security continues to investigate the incident.

We would like to extend a big thank you to your customers for your patience and understanding!

2021-10-04 – 07:40

You can now log in to our trading platform again to use our services. At at first stage, it is only possible to log in with BankID.

2021-10-03 – 15:05

The system maintenance that was executed this weekend has gone well and we look forward to opening up our login again on Monday morning.

2021-10-02 – 13:45

Today we are focusing on the planned system maintenance. At the same time, we are performing various administrative tasks to be able to focus on giving our customers the best possible service when the stock exchange reopens on Monday morning. In addition, we are continuously working to answer questions that we have received via email and other channels.

2021-10-01 – 16:45

This weekend there will be a planned system maintenance and during that time it will not be possible to log in to our website.

We will open the login on Monday morning again.

2021-10-01 – 15:45

You can now log in to our trading platform with BankID to trade, see your holdings, and access other services.

2021-09-30 – 12:00

If you are a customer with us, please rest assured that everything related to corporate actions, dividends, reinvestments of dividends and payments works in a safe and secure way, just as usual.

2021-09-30 – 10:00

If you have automatic payments to a monthly savings account etc., this will be done in a safe and secure way as usual. You do not have to do anything.

2021-09-29 – 15:27

It is now possible for all our clients to handle orders and other services by reaching out to Aktieinvest by phone. If you want assistance, simply contact our customer service at +46(0)8 506 51 795 and we will help you. Please make sure to have your account number and social security number handy so we can make the process easier for you.

2021-09-29 – 12:40

Multiple tests of the trading platforms have been executed during the night between September 28 and 29. The tests will continue during the day on September 29th. Currently, Aktieinvest cannot estimate when all functions related to the system will be restored. We are working hard to open the trading platform and other services as soon as possible. 

FAQ

At this time, you can only log in to our platform with BankID. 

Please note that it is not possible to log in to our old trading platform.

BankID is the login option that we believe offers the highest level of security. We are reviewing the possibility of having other login options for our trading platform in the future as well.

If you do not want to use BankID, you are welcome to contact our customer service to get help over the phone instead. You can reach our customer service on +46(0)8 506 517 00.

Early in the morning of September 27th, we detected that Aktieinvest was subject to an ongoing ransomware attack.

The attack that we were subjected to is a so-called ”Ransomware as a service attack”, with a virus called Lockbit 2.0. The virus is designed to strike a Microsoft-based environment, and that’s how we were affected. Our trading platform is an autonomous environment, and the attack has therefore not affected it. Thus, you can rest assured that your assets such as shares, funds, options, cash, etc. with us are not affected by the attack.

The incident has been reported to the police and other authorities.

We have a good idea of ​​what has happened, but due to the current police investigation, we can not tell you more about it right now.

In the type of attack we have been subjected to, the perpetrator often has two ways to extort a company: to damage the business by encrypting data, and to exfiltrate data, which means they take sensitive data with the possibility of publication.

In our case, we know that the perpetrator encrypted data we have stored in our administrative environments, while the trading platform itself is completely unaffected. We also know that the perpetrator accessed a very small part of the data that has existed.

The perpetrator has accessed a very small part of the data that was stored on our internal servers. Examples of information that have been subject of theft is information such as names, social security numbers, contact information as well as economic and financial information. The data that has been stolen is from our administrative environments, not the trading platform itself.

We were exposed to an external threat and a very serious crime. We are constantly working to have a safe environment. When the investigation of the incident is complete, we can decide on any additional security solutions.

Yes, the attack that Aktieinvest was subjected to was designed to strike at our internal administrative tools and not the trading platform itself. This has been ensured through an extensive analysis in collaboration with recognized experts in cyber security.

Please rest assured that your automatic monthly savings works just as usual.

Dividends and automatic reinvestments of dividends work just as usual.

We are working towards completing all active corporate actions without affecting you as a participant.

You can feel safe that your assets are secure and have not been affected by this infringement. 

Please know that your assets such as shares, funds, options, cash, etc. are not affected by what has happened. Nor is your participation in the incentive program.

If you do not have a BankID, you can get help with using services over the phone instead. Contact our customer service at +46(0)8 506 517 00.

If you want to use a feature that used to be available in our old internet service, please contact our customer service at +46(0)8 506 517 00.