As a Swede this is giving me shudders, the statements reeks of paper-pushers and certification-chasers that don't seem to understand fundamental risks of how how threat actors can move around once having established footholds, hopefully there's more competent people down in the trenches.

I dont know nothing about this particular leak, but I have worked at Skatteverket.

Let me just say, the likelihood that CGI would have any _actual_ real personal data is close to 0%, at least on servers outside of Skatteverket. I had access to absolutely nothing even working inside. I have never worked in a more closed-down system, maybe excepting the swedish military "complex". No, actually that was less locked down in a way, at least once you were "inside" the system.

Are we allowed to vibe code some positive changes and submit them for review?