Security News > 2024 > March > Swiss cheese security? Play ransomware gang milks government of 65,000 files

The Swiss government had around 65,000 files related to it stolen by the Play ransomware gang during an attack on an IT supplier, its National Cyber Security Center says.

A total of 1.3 million files were stolen during the incident at software biz Xplain in May 2023, meaning 5 percent of the entire trove related to the Swiss Federal Administration - a collection of seven federal agencies that alongside the Federal Council comprise the main government departments.

The vast majority of the files were related to the administrative units of various government arms including those concerning justice, police, migration, and internal IT. A smaller proportion related to the Federal Department of Defense, Civil Protection, and Sport, while other departments are only described as being "Marginally affected."

Despite 65,000 files concerning the Swiss government, the NCSC said 47,413 of these belonged to Xplain itself and 9,040 belonged to the Federal Administration.

Personal data formed the bulk of this, with names, email addresses, home addresses, and phone numbers accounting for 4,779 of the sensitive files.

Classified files comprised the remaining sensitive files that were stolen, only four of which contained readable passwords, the NCSC said.

News URL

https://go.theregister.com/feed/www.theregister.com/2024/03/08/swiss_government_files_ransomware/