Government

Swiss Fear Government Data Stolen in Cyberattack

Switzerland said government operational data might have been stolen in a ransomware attack on a technology firm that provides software for several departments.

Switzerland said government operational data might have been stolen in a ransomware attack on a technology firm that provides software for several departments.

Switzerland said Thursday that government operational data might have been stolen in a cyberattack on the technology firm that provides software for several departments.

“Xplain, a Swiss provider of government software, has been the victim of a ransomware attack. After the stolen data had been encrypted and the company blackmailed, the attackers posted some of the stolen data on the darknet,” the government said in a statement.

“Contrary to the initial findings and following recent in-depth clarifications… it appears that operational data of the federal administration could also be affected.

“In-depth analyses are still ongoing.”

The Swiss army and the customs department are among the clients of Xplain, which supplies software to authorities specialising in homeland security.

The government said it did not believe that the Xplain systems have direct access to the federal administration systems.

Advertisement. Scroll to continue reading.

Xplain accused a ransomware group called Play of being behind the attack.

“We have not made any contact with the Play group and we will not pay a ransom,” Xplain’s director Andreas Loewinger told AFP on Saturday.

Xplain has notified Switzerland’s National Cybersecurity Centre and the Bern police.

As in other countries, cyberattacks targeting companies, governments and even universities are on the increase in Switzerland.

Recently, two media outlets, CH Media and NZZ, were targeted by Play.

Related: Ransomware Group Used MOVEit Exploit to Steal Data From Dozens of Organizations

Related: SaaS Ransomware Attack Hit Sharepoint Online Without Using a Compromised Endpoint

Related: Pharmaceutical Giant Eisai Takes Systems Offline Following Ransomware Attack

Related Content

Ransomware

The Microsoft Defender vulnerability CVE-2026-33825 was exploited in the wild as a zero-day before patches were released.

Artificial Intelligence

ChatGPT maker OpenAI said Friday it is restricting the release of its new artificial intelligence model at the request of President Donald Trump’s administration.

Data Breaches

Roughly two dozen companies have notified their customers of the Klue-Salesforce incident impact.

Artificial Intelligence

Come vulnerabilities were found within hours, but that does not mean the model was able to exploit them within that time, the official said.

Data Protection

Federal agencies are required to transition high-value assets and high-impact systems to use PQC by the end of 2030 and 2031.

Malware & Threats

The attackers deployed a new Go-based backdoor that uses Microsoft Teams servers for command-and-control.

Government

NSPM-12 establishes a clear structure for NSS cybersecurity governance and accountability and reestablishes CNSS.

Ransomware

Mackay Sugar was targeted in a cyberattack carried out by a threat group known as The Gentlemen.

Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Exit mobile version