In June 2023 [3] [4] [8], the Swiss IT service provider Xplain experienced a cyberattack by the Play ransomware group, resulting in the theft of over 900 gigabytes of data from the Swiss federal administration.
Description
The leaked data [2] [3] [4] [5] [7] [8], totaling approximately 65,000 documents, contained sensitive information such as personal data [5] [6] [7], technical documents [5] [7], classified material [2] [8], and passwords [2] [4] [5] [6] [7]. More than half of the stolen data pertained to the Federal Department of Justice and Police, with additional data from the Federal Department of Defense, Civil Protection [6], and Sport [6]. The breach also exposed military police reports and personal data. An investigation by the Swiss National Center for Cybersecurity (NCSC) revealed that around 65,000 documents relating to the federal government were published by the attackers on the darknet on June 14, 2023 [1]. This comprised 5% of the total data package uploaded by Play [1] [2]. Of these files, 47,413 belonged to Xplain (70%) and 9040 to the Federal Administration (14%) [1]. The Swiss Federal Council has responded by establishing a policy strategy crisis team and launching an administrative investigation to determine the full extent of the data leak at Xplain [8], with results and recommendations expected by the end of March 2024 [2]. It was discovered that only 431 gigabytes of data were publicly released, indicating a larger breach than initially reported [7]. To stay informed about cybersecurity developments, individuals can subscribe to Swisscybersecurity.net for daily updates on cyber threats and defense strategies [7].
Conclusion
The cyberattack on Xplain and the subsequent data breach have significant implications for the Swiss federal administration. The establishment of a policy strategy crisis team and the ongoing administrative investigation are crucial steps in mitigating the impact of the breach and strengthening cybersecurity measures. Moving forward, it is essential for organizations to prioritize cybersecurity and implement robust defense strategies to protect sensitive data from future attacks.
References
[1] https://aboutdfir.com/infosec-news-nuggets-3-7-2024/
[2] https://www.infosecurity-magazine.com/news/ransomware-leak-swiss-government/
[3] https://www.hackread.com/xplain-hack-play-ransomware-leak-swiss-govt-data/
[4] https://www.443news.com/2024/03/play-ransomware-leaks-sensitive-swiss-government-data/
[5] https://www.netzwoche.ch/news/2024-03-07/bund-veroeffentlicht-datenanalyse-zum-xplain-hack
[6] https://www.cash.ch/news/halfte-der-bei-xplain-gestohlenen-daten-des-bundes-sensitiv-691053
[7] https://www.swisscybersecurity.net/news/2024-03-07/bund-veroeffentlicht-datenanalyse-zum-xplain-hack
[8] https://securityonline.info/hacker-attack-on-xplain-swiss-govt-data-exposed-in-report/
