Data has been leaked. You may be blackmailed with the publication of this data. You want to report a data leak.
Data leaks can be caused by a variety of factors, ranging from insider theft to forgotten or poorly maintained servers and backups that are not properly secured. In many cases, organisations affected by data leaks are blackmailed with the threat of having the stolen data published. Do not give in to such demands and cut off all contact with the blackmailers.
Specific measures
- The NCSC generally advises against paying a ransom. The NCSC also strongly recommends that you do not contact the perpetrator but rather discuss with the police how to proceed.
- Identify the affected systems and determine whether the attackers were able to copy any data. Prevent any further data leaks. If you do not have the necessary expertise, contact a specialist company.
- Get an overview of the data that may have been leaked and assess the risk for each type of data.
- If customer data has been stolen, the NCSC strongly advises proactively informing the affected customers.
- Under Article 24 of the Federal Act on Data Protection (FADP), data security breaches must be reported to the FDPIC if they are likely to result in a high risk to the personality or fundamental rights of those concerned. This requirement applies to private individuals, companies, and federal bodies. Reports to the FDPIC must be submitted as soon as possible.
- If personal data is affected, and depending on where the company is located, there may also be a need to comply with the European Union's General Data Protection Regulation (GDPR).
- Please report the incident to the police. You can find your nearest police station on the Suisse ePolice website (available in German, French and Italian). The NCSC is not a law enforcement agency and cannot conduct investigations.
Preventive measures
- Create a communications plan setting out how and whether to communicate in the event of data loss.
- Keep all systems in your organisation fully up to date.
- Ensure that databases are not accessible from the internet.
- Train your employees on how to handle emails.
- You can further improve your IT security by using an application whitelisting product.
- Block the receipt of malicious email attachments on your email gateway. The NCSC provides a full and up-to-date list on the GitHub website.
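One way to check the recommendation that databases are not accessible from the internet, as an added example that is not part of the NCSC page: the script below reads Linux listening-socket output in the layout of `ss -H -ltn` and reports database ports bound to anything other than loopback. The port list, the function names and the sample output are assumptions constructed for this example.

```python
import ipaddress

# Default listener ports of common database servers (an assumption of this
# example; the advisory names no products). Extend for your environment.
DB_PORTS = {
    1433: "Microsoft SQL Server", 1521: "Oracle", 3306: "MySQL/MariaDB",
    5432: "PostgreSQL", 6379: "Redis", 9200: "Elasticsearch", 27017: "MongoDB",
}

# Constructed sample in the layout printed by `ss -H -ltn` on Linux.
SAMPLE_SS_OUTPUT = """\
LISTEN 0 244 127.0.0.1:5432 0.0.0.0:*
LISTEN 0 151 0.0.0.0:3306 0.0.0.0:*
LISTEN 0 511 [::]:6379 [::]:*
LISTEN 0 128 *:27017 *:*
LISTEN 0 128 192.0.2.10:9200 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
"""

def classify_bind(host):
    """Return 'loopback', 'all-interfaces' or 'specific-address' for a bind host."""
    host = host.strip("[]").split("%", 1)[0]   # drop IPv6 brackets and %iface scope
    if host == "*" or ipaddress.ip_address(host).is_unspecified:
        return "all-interfaces"
    return "loopback" if ipaddress.ip_address(host).is_loopback else "specific-address"

def exposed_databases(ss_output):
    """List (service, port, local_address, scope) for DB ports not bound to loopback."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue                            # header, blank or non-listening row
        host, _, port = fields[3].rpartition(":")
        if not port.isdigit() or int(port) not in DB_PORTS:
            continue
        try:
            scope = classify_bind(host)
        except ValueError:
            scope = "specific-address"          # unparsable host: report, do not hide
        if scope != "loopback":
            findings.append((DB_PORTS[int(port)], int(port), fields[3], scope))
    return findings

if __name__ == "__main__":
    for service, port, local, scope in exposed_databases(SAMPLE_SS_OUTPUT):
        print(f"{service} on port {port} listens on {local} ({scope})")
```

A non-loopback listener is a candidate for review rather than proof of exposure: whether it can be reached from the internet also depends on the firewalls and routing in front of the host.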
How the NCSC can help
Your report helps the NCSC identify trends. This makes it possible for the NCSC to raise public awareness in a targeted way.
Last modification 09.12.2021