Xplain hack: Federal Council approves investigation order
Bern, 23.08.2023 - At its meeting of 23 August 2023, the Federal Council ordered an administrative investigation into the events surrounding the data leak at Xplain AG and approved the investigation order. As instructed by the Federal Council, the Federal Department of Finance (FDF) will appoint an investigative body. It will mandate the Geneva-based law firm OBERSON ABELS SA for this role. In its capacity as an independent body, it is to investigate whether the Federal Administration adequately complied with its duties when selecting, instructing, supervising and working with Xplain AG. Furthermore, measures are to be identified to prevent a similar incident from occurring in the future.
As part of a ransomware attack on Xplain, the hacker group "Play" stole data and published what is presumed to be the entire stolen data package on the darknet on 14 June 2023. This includes classified information and sensitive personal data from the Federal Administration. After Xplain informed the federal government about the attack by at the beginning of June, measures were immediately taken to minimise the security risk.
On 28 June 2023, the Federal Council commissioned a policy strategy crisis team on data leaks. It also instructed the FDF, in cooperation with the crisis team, to draw up a mandate for an administrative investigation.
External body mandated
OBERSON ABELS SA, the law firm which is to receive the mandate, will be asked to identify which circumstances on the part of the Federal Administration made it possible for Xplain AG to come into possession of productive data belonging to the Federal Administration. Furthermore, it is to investigate whether the Federal Administration adequately complied with its duties when selecting, instructing, supervising and working with Xplain AG. In addition, it is to examine which processes and specifications need to be adapted in the Federal Administration in order to minimise security risks in the future. The investigation will extend to all departments and the Federal Chancellery.
The Federal Council instructed the FDF to act as the coordinating body and accompany the investigative body in carrying out the administrative investigation. The FDF will be supported by a core group made up of the Federal Department of Defence, Civil Protection and Sport (DDPS), the Federal Department of Justice and Police (FDJP) and the Federal Chancellery. The FDF will lead this core group.
The investigation is to be completed by the end of March 2024. After completion, the Federal Council will be informed of the results and recommendations so that it can decide on the consequences of the administrative investigation.
Federal employees and third parties can report any useful information to the administrative investigation via the secure external whistleblowing platform of the Swiss Federal Audit Office (SFAO) (www.whistleblowing.admin.ch).
Address for enquiries
Tel. +41 58 462 60 33,
The Federal Council
General Secretariat DDPS
General Secretariat FDJP
Swiss Federal Office for Buildings and Logistics