Approximately 65,000 government documents were published on the darknet in the wake of a cyber attack on a Swiss IT services provider.
The Swiss National Cyber Security Centre (NCSC) has released details of a cyber attack on an IT services provider in June 2023.
At the time, the Play ransomware gang successfully stole and then published data that was in the care of Swiss IT firm Xplain, which was a government contractor. As part of the attack, a tranche of government data was affected, prompting the NCSC to take over an investigation into the hack and the specifics of the stolen data.
Overall, the dataset published by Play contained about 1.3 million files. Approximately 5 per cent of the data – about 65,000 files – were related to Switzerland’s federal administration. Most of these files belonged to Xplain, but 14 per cent were the property of the administration.
Of the files that belonged to the government, 95 per cent belonged to the administrations of the Federal Office of Justice, Federal Office of Police, State Secretariat for Migration, and the internal IT service centre ISC-FDJP.
Three per cent of the documents belonged to the Federal Department of Defence, Civil Protection and Sport, while other departments were “only marginally affected in terms of volume”.
Around half of the federal files contained sensitive data such as personal details, classified information, and passwords.
The NCSC has revealed that working out what was in the data was a challenge, but cross-agency cooperation was a huge help.
“A considerable amount of analysis was required to determine how much data was leaked and the owners of the leaked data,” the NCSC said in a statement. “Suitable tools were required to process unstructured data records and make their contents readable. The objects identified as relevant then had to be manually viewed and categorised.”
“The various federal offices and service providers involved worked closely under the lead of the NCSC to manage the security incident. This allowed all parties to utilise synergies, make effective use of resources and save valuable time.”
The investigation is ongoing but is expected to end this month. Regardless of what Swiss authorities choose to do in the wake of the report, the incident is a prime example of the kind of government data that can be impacted when one of its vendors – particularly an IT services company like Xplain – is hit by a ransomware attack.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.