The Swiss government lost around 65.000 files stolen by the Play ransomware gang during an attack, the National Cyber Security Center (NCSC from the National Cyber Security Center) reports.
A total of 1,3 million files were stolen during an incident at software company Xplain in May 2023. The company was then working with the Swiss Federal Administration – seven federal agencies that together with the Federal Council form one of the main government bodies.
Among the files was classified data with sensitive, personally identifiable information (PII from personally identifiable information) and all of this is believed to have been published on Dark web.
The bulk of the files (a whopping 95 percent) concerned the administrative units of various sensitive government departments, including justice, police, immigration and internal IT. A smaller percentage (3 percent) is related to the Federal Ministry of Defence, Civil Protection and Sports.
Of the 65.000 files initially reported to be related to the Swiss government, the NCSC said 47.413 of them belonged to Xplain itself and 9.040 to the Federal Administration. More than half of these (5.182) involved sensitive content such as PII, classified files, passwords and technical documentation.
Personal data made up the bulk of this, with names, email addresses, home addresses and phone numbers accounting for 4.779 of the sensitive files.
Technical documentation for IT systems and software – requirements documents and architecture information – accounted for 278 of these files.
The administrative investigation began in August 2023 to fully understand how the breach took place at Xplain and will conclude this month. The resulting report will provide recommendations that can be implemented by the Federal Council to prevent future violations.