Half of the federal data stolen from Xplain sensitive

Published: Thursday, Mar 7th 2024, 12:11


In the cyberattack by the hacker group "Play" on the IT company Xplain in May 2023, over 9,000 data objects from the Federal Administration were stolen and subsequently published on the darknet. More than half of the data contained sensitive information, as announced by the Federal Office for Cybersecurity (BACS) on Thursday.

The total of 4,779 sensitive federal data objects included personal data, technical information, classified information and passwords, as the BACS reported on Thursday. 121 objects were classified. Four objects contained readable passwords.

According to the BACS, 95 percent of the stolen federal data was attributable to the administrative units of the Federal Department of Justice and Police (FDJP). This included data from the Federal Office of Police (Fedpol) and the Federal Office of Customs and Border Protection (FOCP). The data also included personal data from the military police and information on individuals who were listed in the hooligan information system operated by Fedpol in 2015, as announced by the then National Cyber Security Center (NCSC) in November 2023.

The Federal Department of Defense, Civil Protection and Sport (DDPS) accounted for a further three percentage points. Among other things, extracts from military police reports and personal data appeared on the darknet. The other departments were "only marginally affected in terms of quantity", it was reported on Thursday.

Investigation until the end of March

According to the BACS, the data package published on the darknet in June 2023 comprised a total data volume of around 1.3 million objects. The volume of data relevant to the Federal Administration comprised around five percent of the total published data pool. Over 70 percent of the objects belonged to the company Xplain and around 14 percent to the Federal Administration. The hackers' actions indicate a "superficial examination of the database without any content review by the perpetrators".

However, the report published on Thursday did not investigate why the data was leaked. That question will be clarified as part of the ongoing administrative investigation, which was ordered by the Federal Council last August, the BACS also announced. The external investigation, which has been assigned to a Geneva law firm, should be completed by the end of March this year.

The Federal Data Protection and Information Commissioner (FDPIC) also launched an investigation into the ransomware attack on Xplain last July. In the autumn session, Parliament referred a motion to the Federal Council demanding new legal bases for the more secure storage of Switzerland's most important digital data.

Cyberattacks on the rise

Cyberattacks on federal service providers have become more frequent in recent months: in addition to the case of Xplain, it became known in November 2023 that the Swiss software company Concevis had been hacked. It worked for the DDPS, the Federal Tax Administration, the Federal Statistical Office and the Federal Office of Civil Aviation, among others.

At the beginning of January 2024, it became known that a hacker attack had been carried out on a DDPS supplier company. Swiss Air Force documents were also stolen. Some of the documents published on the darknet were classified. The company's customers included the Ruag armaments group.

According to Swiss Radio and Television (SRF), the hacker group ALPHV claimed responsibility for the ransomware attack at the end of December 2023. It is one of the most active hacker groups in the world and could originate from Russia, according to experts.

©Keystone/SDA

the swiss times
A production of UltraSwiss AG, 6340 Baar, Switzerland