DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Swisscom Acknowledges Data Security Breach

Posted on September 18, 2013 by Dissent

Neue Zürcher Zeitung NZZ was in possession of four data tapes that apparently originated from Swisscom’s data centres, the editorial office has informed the company. The records concerned are apparently backup files from 2008 to 2010 containing internal Swisscom data, including e-mails. It is still not clear to Swisscom whether customer data are also stored on these data carriers. Three tapes have already been returned to Swisscom and are in the process of being analysed. Data security takes top priority at Swisscom. As a result, the company immediately instigated legal proceedings against persons unknown and informed the Federal Data Protection Commissioner about the incident. Swisscom is doing its utmost to clarify the incident as fast as possible. It is currently assumed that it was motivated by criminal intent.

Four data tapes were handed over to the NZZ editorial team by a person unknown to Swisscom. According to the information currently available, the backup data contained on the tapes originate from two Swisscom data centres and contain backup copies from the years 2008 to 2010. According to details provided by the NZZ editorial team, these data tapes contain internal backup files, including e-mails from Swisscom employees. Swisscom received the tapes yesterday, Tuesday, and is working as quickly as possible to analyse their content. It cannot be ruled out at the present time that customer information is stored on the tapes.

Strict controls governing using and destroying storage media

The type of data tapes that have emerged at NZZ have not been used by Swisscom since 2012. Today, data are predominantly saved on hard disks. Swisscom has extremely stringent regulations governing the secure and sustainable disposal of such data carriers. Data carriers are only removed from the servers in accordance with the dual-control principle; this same procedure applies to storage in multiple-security-level disposal rooms. The transport of data carriers is also always subject to the dual-control principle. Data carriers are transported in a convoy with two escort vehicles before they are destroyed (shredded). External partner companies are also involved in this process. Since the beginning of 2012 hard disks are demagnetised – resulting in the data being deleted – prior to their disposal in the data centres. The procedure has been further reinforced in that all hard disks are inventoried and thus the route from usage to disposal can be traced back in full. The employees involved are specially instructed and trained for this work. The disposal procedure is also reviewed on a regular basis by an external company.

Swisscom instigated measures immediately

Swisscom has made it its top priority to clarify the incident. Not only has it commenced internal investigations, but it has also notified the Federal Data Protection Commissioner. Swisscom is working on the assumption that the data tapes were taken illegally and has therefore filed criminal charges against persons unknown with the public prosecutor in Bern-Mittelland. Swisscom has also instigated an in-depth review of the procedure used to dispose of data carriers in order to identify any potential weaknesses. In the meantime the NZZ has given three of the tapes back to Swisscom. A further tape has been returned by NZZ to its source. Swisscom is doing everything it can to retake possession of this missing tape.

SOURCE: SwissCom

In related media coverage, the Wall Street Journal reports:

Bern-based Swisscom said it became aware of the theft after four tapes were given to the Neue Zuercher Zeitung, a nationwide Swiss newspaper, which published a report about the tapes Wednesday.

The tapes contained 600,000 phone numbers, medical appointments and invitations to social events, according to the paper, as well as 14,500 emails from Swisscom employees, including details of contracts with the company’s private and business customers.

NZZ didn’t say how it obtained the tapes and didn’t respond immediately to requests for comment Wednesday.

Category: Business SectorNon-U.S.Theft

Post navigation

← Pairing patient privacy with health big data analytics
NZ insurance firm settles over privacy breach →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Lower Merion School District says a data breach was caused by a computer glitch
  • After $1 Million Ransom Demand, Virgin Islands Lottery Restores Operations Without Paying Hackers
  • Junior Defence Contractor Arrested For Leaking Indian Naval Secrets To Suspected Pakistani Spies
  • Mysterious leaker GangExposed outs Conti kingpins in massive ransomware data dump
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • Class action settlement following ransomware attack will cost Fred Hutchinson Cancer Center about $52 million
  • Comstar LLC agrees to corrective action plan and fine to settle HHS OCR charges
  • Australian ransomware victims now must tell the government if they pay up
  • U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams
  • Victoria’s Secret takes down website after security incident

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Fears Grow Over ICE’s Reach Into Schools
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • She Got an Abortion. So A Texas Cop Used 83,000 Cameras to Track Her Down.
  • Why AI May Be Listening In on Your Next Doctor’s Appointment
  • Watch out for activist judges trying to deprive us of our rights to safe reproductive healthcare
  • Nebraska Bans Minor Social Media Accounts Without Parental Consent
  • Trump Taps Palantir to Compile Data on Americans

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.