65,000 Swiss Government Documents Leaked in Ransomware Attack

A Swiss technology firm known as Xplain fell victim to a sophisticated ransomware attack orchestrated by the notorious Play ransomware group. This breach, which occurred on May 23, 2023, led to the unauthorized disclosure of tens of thousands of sensitive documents associated with the Swiss Federal Government.

The Attack on Xplain

Xplain, a key provider of software solutions for Swiss government entities, including administrative branches and military departments, suffered a critical security compromise. The Play ransomware group claimed responsibility, asserting they had exfiltrated data containing highly confidential information. 

True to their word, by early June 2023, the group had published the stolen data across their darknet platform. Upon discovery of the data leak, Swiss authorities swiftly commenced an investigation, acknowledging the potential risk to national security due to the exposure of Federal Administration documents. 

Scope and Impact of the Data Breach

A detailed analysis by the National Cyber Security Centre (NCSC) revealed the scale of the breach. The investigation indicated that out of roughly 1.3 million files released by the ransomware group, about 5% – or 65,000 documents – were pertinent to the Federal Administration. 

A significant majority of these documents were linked to the Federal Department of Justice and Police (FDJP), affecting various critical offices within the department. Conversely, the Federal Department of Defence, Civil Protection and Sport (DDPS) saw a minor impact, with just over 3% of the data pertaining to this department.

Among the leaked files, approximately 5,000 contained sensitive details such as personal data, technical specifications, classified information, and account credentials. A smaller subset included vital IT system documentation and passwords.

Ongoing Administrative Investigation

The Swiss government initiated a formal administrative investigation on August 23, 2023, which is expected to conclude by this month’s end. 

The investigation’s length is attributed to the challenge of sifting through a vast amount of unstructured data and the inherent complexities in analyzing confidential information, which demands careful coordination across multiple government agencies.

Once the investigation is over, the Swiss government plans to share the findings and cybersecurity recommendations with the Federal Council. 

Final Word

The data breach underscores the ever-present threat of cyber-attacks and the importance of robust security measures to protect sensitive government data.