After the cyber attack on the Swiss software company Xplain, specialists have been discovering more and more data captured from authorities on the dark web. Now the Swiss military police are also affected. The ongoing analysis after the attack on Xplain revealed that the attackers had access to excerpts from the so-called journal and report management system (JORASYS), which is used by the military police and other security agencies. The attackers also copied incomplete data from military police user profiles, including outdated data, according to a statement from the Defense Department (VBS; DDPS in English).
Fragments from log data
The army has already informed those affected and filed criminal charges against unknown persons, the VBS said. The data leak at Xplain is still spreading: specialists from the Defense Group, in cooperation with the National Center for Cybersecurity (NCSC), are still examining the data published on the dark web. According to the current notification, the JORASYS data does not comprise complete data sets, because it is log data that Xplain used to analyze errors during operation.
These fragments date from the years 2018, 2022 and 2023. They contain information on military personnel (including civilians in the military administration), on persons subject to military criminal law for crimes related to the military, and on third parties whose data was captured by the army in connection with corresponding incidents. The data leaked on the dark web also contained a 2020 list of active and inactive JORASYS users in the army, with 720 entries. The DDPS also states that the leaks do not pose any risks for those affected because comparable information is also publicly available. According to the DDPS, the leak also does not affect the operational missions of the army and does not pose a threat to it or its partner organizations.
More and more sensitive data discovered
The software company Xplain from Interlaken in the canton of Bern specializes in application software for the security sector (homeland security, internal and civil security). Cyber criminals, suspected to be from the “Play” ransomware group, successfully penetrated its IT systems, copied large amounts of data and tried to blackmail the company. When Xplain refused to pay, they released the data in tranches on the dark web in mid-June. Since then, more and more confidential data from authorities has come to light, such as a hooligan database from the Federal Office of Police (Fedpol). Switzerland’s top data protection officer, the Federal Data Protection and Information Commissioner (FDPIC), is also investigating possible serious data protection violations at the federal police and customs and border security offices.
After the leak became known, Xplain pointed out that its customers’ production data was not affected, as the customers ran the software on their own systems and their user data was stored there. In the present case, the DDPS pointed out that the army’s IT infrastructure was not affected.