Xplain hack: Federal Council approves investigation order

Bern, 23.08.2023 - At its meeting of 23 August 2023, the Federal Council ordered an administrative investigation into the events surrounding the data leak at Xplain AG and approved the investigation order. As instructed by the Federal Council, the Federal Department of Finance (FDF) will appoint an investigative body. It will mandate the Geneva-based law firm OBERSON ABELS SA for this role. In its capacity as an independent body, it is to investigate whether the Federal Administration adequately complied with its duties when selecting, instructing, supervising and working with Xplain AG. Furthermore, measures are to be identified to prevent a similar incident from occurring in the future.

As part of a ransomware attack on Xplain, the hacker group "Play" stole data and published what is presumed to be the entire stolen data package on the darknet on 14 June 2023. This includes classified information and sensitive personal data from the Federal Administration. After Xplain informed the federal government about the attack by at the beginning of June, measures were immediately taken to minimise the security risk.

On 28 June 2023, the Federal Council commissioned a policy strategy crisis team on data leaks. It also instructed the FDF, in cooperation with the crisis team, to draw up a mandate for an administrative investigation.

External body mandated

OBERSON ABELS SA, the law firm which is to receive the mandate, will be asked to identify which circumstances on the part of the Federal Administration made it possible for Xplain AG to come into possession of productive data belonging to the Federal Administration. Furthermore, it is to investigate whether the Federal Administration adequately complied with its duties when selecting, instructing, supervising and working with Xplain AG. In addition, it is to examine which processes and specifications need to be adapted in the Federal Administration in order to minimise security risks in the future. The investigation will extend to all departments and the Federal Chancellery.

The Federal Council instructed the FDF to act as the coordinating body and accompany the investigative body in carrying out the administrative investigation. The FDF will be supported by a core group made up of the Federal Department of Defence, Civil Protection and Sport (DDPS), the Federal Department of Justice and Police (FDJP) and the Federal Chancellery. The FDF will lead this core group.

The investigation is to be completed by the end of March 2024. After completion, the Federal Council will be informed of the results and recommendations so that it can decide on the consequences of the administrative investigation.

Reporting information

Federal employees and third parties can report any useful information to the administrative investigation via the secure external whistleblowing platform of the Swiss Federal Audit Office (SFAO) (www.whistleblowing.admin.ch).


Address for enquiries

FDF Communications
Tel. +41 58 462 60 33,
kommunikation@gs-efd.admin.ch



Publisher

The Federal Council
https://www.admin.ch/gov/en/start.html

Secretariat-General FDF
http://www.efd.admin.ch

General Secretariat DDPS
https://www.vbs.admin.ch/

Federal Chancellery
http://www.bk.admin.ch/index.html?lang=en

General Secretariat FDJP
http://www.ejpd.admin.ch

Swiss Federal Office for Buildings and Logistics
http://www.bbl.admin.ch

Armasuisse
http://www.ar.admin.ch/

https://www.admin.ch/content/gov/en/start/documentation/media-releases.msg-id-97455.html