Article Details

Switzerland: Play ransomware leaked 65,000 government documents. The National Cyber Security Centre (NCSC) of Switzerland has released a report on its analysis of a data breach following a ransomware attack on Xplain, disclosing that the incident impacted thousands of sensitive Federal government files. Xplain is a Swiss technology and software solutions provider for various government departments, administrative units, and even the country's military force. The Play ransomware gang breached the company on May 23, 2023. At the time, the threat actor claimed to have stolen documents containing confidential information, and in early June 2023, it followed through on its threats and published the stolen data on its darknet portal. The Swiss government started investigating the leaked files and instantly admitted that the leaked data might contain documents belonging to the Federal Administration of Switzerland. In a new statement published today, the Swiss government confirmed that 65,000 government documents were leaked in the breach: The announcement says the administrative investigation, launched on August 23, 2023, is set to be completed by the end of this month, and the full results and cybersecurity recommendations will be shared with the Federal Council. The investigation's extensive duration is attributed to the complexity of analyzing unstructured data and the large volume of the leaked data, which required significant time and resources to triage documents relevant to the Federal Administration. Also, analyzing the leaked data for evidence is legally complicated, as confidential information requires inter-agency coordination and participation, inevitably prolonging the process.