The fallout from the devastating hacker attack on IT provider Xplain continues as the Swiss National Cyber Security Centre (NCSC) publishes a detailed report on the leaked data. The report reveals both the scope of the breach and the complex challenges faced by authorities in analyzing the massive trove of stolen information. It was a calculated assault by a hacker group known as Play, which led to the theft and subsequent publication of a massive trove of data on the darknet on June 14, 2023.
The initial data dump in June 2023 was massive, encompassing 1.3 million files. While only 5% of these files were directly relevant to the Swiss Federal Administration, this still amounted to a staggering 65,000 documents. The vast majority (70%) belonged to Xplain itself, indicating the far-reaching consequences of such attacks on service providers.
Of significant concern is the nature of the leaked data. Over half of the Federal Administration’s files contained sensitive information, including names, contact details, technical system documents, passwords, and even classified material. This underscores how easily a single security vulnerability can expose a wealth of sensitive information.
“Sensitive content such as personal data, technical information, classified information and passwords was found in around half of the Federal Administration’s files (5,182). Personal data such as names, email addresses, telephone numbers and postal addresses were found in 4,779 of these files. In addition, 278 files contained technical information such as documentation on IT systems, software requirement documents or architectural descriptions, 121 objects were classified in accordance with the Information Protection Ordinance and 4 objects contained readable passwords,” NCSC wrote in its press release.
The NCSC’s report highlights the painstaking process of analyzing leaked data. Authorities had to employ specialized tools to sift through the unstructured data dump, identifying relevant files before manually categorizing them.
In response to the breach, the Federal Council took decisive steps by mandating a policy strategy crisis team and ordering an administrative investigation to unravel the full extent of the data leak at Xplain. The investigation is slated for completion by the end of March 2024.
Source: https://securityonline.info/hacker-attack-on-xplain-swiss-govt-data-exposed-in-report/