Switzerland: Play Ransomware Leaked 65,000 Government Documents

Switzerland’s National Cyber Security Centre (NCSC) has released details surrounding a ransomware attack on Xplain which impacted thousands of sensitive government files. Xplain is a Swiss technology and software solutions company, which supports various government departments, administrative units, and even the country’s military.

In May of 2023, Xplain was breached by the Play ransomware group. The ransomware operators claimed to have stolen documents containing confidential information, and in June of 2023, they began publishing the stolen data on their dark web leak site. The Swiss government started investigating the leaked files and immediately acknowledged that the leaked data might contain documents belonging to the Federal Administration of Switzerland.

Security Officer Comments:
In a statement released today, the Swiss government confirmed that around 65,000 government documents were leaked as a result of the breach. They said that of the approximately 1.3 million files published by Play, about 5% (65,000 documents) were relevant to the Swiss government. Of those files, 95% impacted administrative units of the Federal Department of Justice and Police: the Federal Office of Justice, the Federal Office of Police, the State Secretariat for Migration, and the internal IT service center ISC-FDJP.

Around 5,000 documents contained sensitive information, including personal data (names, email addresses, telephone numbers, and addresses), technical details, classified information, and account passwords. A small set of a few hundred files contained IT system documentation, software or architectural data, and passwords.

The announcement says the administrative investigation, launched on August 23, 2023, is set to be completed by the end of this month, and the full results and cybersecurity recommendations will be shared with the Federal Council. The agency says the long investigation is due to the challenges of analyzing unstructured data and the large volume of data that was leaked, noting that it will take significant time and resources to triage documents related to the Federal Administration. They also note the legal complications involved in analyzing the confidential data, which will require coordination and participation from various entities and agencies.