
After cyber attack: Swiss tax data ends up on the darknet

The Basel-based software company Concevis was hacked in mid-November. Among other things, bank and tax data was stolen, some of which is now on sale on the darknet. In addition to the DDPS, cantons and municipalities, the Federal Tax Administration is also a Concevis customer.
The National Cyber Security Centre (NCSC) announced last week in a media release that the company Concevis had fallen victim to a ransomware attack. The company's entire network was apparently encrypted. Concevis' customers include the Federal Tax Administration - as well as the DDPS, cantonal and municipal administrations, Swiss banks and a hospital.
Concevis itself speaks of an "extensive outflow of data". As research by the Tages-Anzeiger shows, this may also include sensitive data from the Federal Tax Administration - parts of which have appeared on the darknet. Specifically: names, country of residence, passport and account numbers of US clients at Swiss banks.
Criminal proceedings initiated
After the hack became known last week, it was initially unclear what data had been stolen. In the NCSC's media release, the Confederation refers to "older, operational data". That description apparently does not hold. Even if the authenticity of the leaked data cannot yet be verified one hundred per cent, it matches the data that Concevis processed for the Federal Tax Administration (FTA).
The public prosecutor's office of the Canton of Basel-Stadt has now opened criminal proceedings. It is not yet clear who is behind the ransomware attack. Possible suspects include members of the "8Base" group, which is known for using the "Phobos" Trojan. However, this is by no means certain.
Was the federal government negligent?
Concevis is the second federal IT service provider to be hacked. The Bern-based company Xplain was hit in the summer. Hundreds of gigabytes of data were stolen and published on the darknet. As the NZZ reports, the federal government may also be partly to blame for the latest hack. Under the contract, the federal government, as a customer, is allowed to carry out regular security checks at Concevis. This has apparently never happened since 2011, when Concevis was hired.