On 14 June 2023, after Xplain, in consultation with the prosecution authorities and the federal government, did not give in to the blackmail attempt or pay any ransom to the hackers, they published what is presumed to be the entire stolen data package on the darknet.

Since this data leak became public, the National Cybersecurity Centre (NCSC) has been working closely with the affected authorities to set up an organisation to deal with the incident. Intensive efforts to evaluate and analyse the data are ongoing. Moreover, the federal government has taken measures to minimise the security risk to the Federal Administration.

There are still no indications of direct attacks on federal systems. Since operational data is affected by the attack, various Federal Administration units have filed charges or are considering similar steps. The aim of this is to clarify the circumstances that led to Federal Administration data ending up on the Xplain system.

armasuisse also affected

The data leak that occurred at Xplain also affected data for which the Federal Office for Defence Procurement armasuisse is responsible for processing.

• According to the current status of the internal investigations, no personal data or classified information for which armasuisse is responsible have been improperly used.

Should the circumstances change following further analyses, armasuisse will promptly notify any persons especially affected, i.e. people for whom the breach of data security represents a considerable risk to or breaches their personal privacy, their right to informational self-determination or other basic rights.

The incident has been reported to the Federal Data Protection and Information Commissioner (FDPIC). The circumstances under which data belonging to the Federal Administration ended up on the Xplain systems need to be clarified.