On June 2, 2023, the Swiss newspaper Le Temps revealed that a cyberattack had indirectly affected Swiss public institutions, including the army, customs, and police. On March 23, 2023, the Play ransomware gang allegedly hit Xplain, a German-speaking provider of IT security services. The cybercriminals claim to have laid their hands on 907 GB of data, and have already released 3 GB of it to put pressure on Xplain.
The company’s clients include the Swiss army, the Federal Office of Police (Fedpol), the Office of Customs and Border Protection (OFDF) and several cantonal police forces. According to Le Temps, Play stole “information on numerous IT projects carried out with Fedpol and several cantonal police forces: contracts, technical specifications, identifiers for access to certain services…”.
Andreas Löwinger, Managing Director of Xplain, has confirmed the cyberattack. He says he has received support from the National Center for Cybersecurity, and assures us that Xplain will not pay any ransom. “We will only be able to officially communicate on the precise timing of the attack and the extent of the data theft when the authorities release the information,” he says.
Andreas Löwinger offers reassurance about the impact of the attack on his most sensitive customers. “We do not store any data on our customers’ employees or business in our systems,” he points out.
Fedpol and OFDF confirmed that Play had indeed stolen data concerning them, albeit limited in scope. “Xplain does not have access to Fedpol’s production data, but has access to anonymized simulation data for testing purposes,” said a Fedpol spokesperson. The OFDF specifies that the stolen data concerned exchanges with Xplain on contracts and services, but that “the office’s own data are not affected”.