Xplain hack: initial findings from data analyses indicate need for action

Bern, 14.06.2023 - Following the discovery of the ransomware attack on Xplain, intensive investigations concerning the data affected have been under way in the Federal Administration. The data analysed to date also includes operational data from various authorities and organisations. How this data got onto the Xplain infrastructure is now being meticulously clarified.

On 8 June 2023, the National Cybersecurity Centre NCSC announced that operational data from the Federal Administration was possibly included in the data encrypted and stolen from the IT company Xplain. The in-depth analyses carried out have confirmed this. It is now necessary to clarify in the various authorities and organisations concerned whether the data is still up to date and whether its publication could have further-reaching effects.

Initial measures have been taken to minimise a security risk for the Federal Administration. The units concerned have been informed accordingly. Further data packages were published on the darknet during the night of 13 to 14 June 2023, presumably the complete set of data that was stolen. The published data material is currently being secured and analysed.

There are still no indications of direct attacks on federal systems. Since operational data is affected by the attack, various Federal Administration units have filed charges or are considering similar steps. The aim of this is to clarify the circumstances that led to Federal Administration data ending up on the Xplain system.

No connection with the current DDoS attacks on the Federal Administration

As far as is known at this point, the latest DDoS attacks on the websites of the Federal Administration and Parliamentary Services are unrelated to the ransomware attack on Xplain. The group Play has claimed responsibility for the attack on Xplain and the group NoName for the DDoS attacks.

Address for enquiries

NCSC Communications
Tel. 058 465 53 56


Federal Department of Finance

Last modification 08.12.2020

Top of page