The Daily Swig Web security digest

Hold the phone: Swisscom breach hits 800,000 customers

James Walker | 08 February 2018 at 16:07

Incident prompts Swiss telco to reassess its security posture.

Swisscom, Switzerland’s market-leading telecommunications group, has pledged to tighten its security following a data breach that resulted in the personal information of around 800,000 customers being compromised.

Issuing a statement yesterday, the Bern-based telco said unknown parties “misappropriated” the access rights of a sales partner last year, gaining unauthorized access to customers’ names, addresses, telephone numbers, and dates of birth.

“Swisscom stresses that the system was not hacked and no sensitive data, such as passwords, conversation or payment data, was affected by the incident,” the company said. “Rigorous, long-established security mechanisms are already in place in this case.”

Under Swiss data protection law, the data is classed as ‘non-sensitive’, as these details, for the most part, are in the public domain or available from list brokers.

This designation, however, is unlikely to impress the 800,000 customers – nearly 10% of the country’s population – who now face the prospect of targeted spam messages or nuisance calls from the unknown party.

Prompted by the incident, Swisscom said access by partner companies to its customer data will now be subject to tighter controls. Any unusual activity will automatically trigger an alarm and block access, the group stated.

“In the future, it will no longer be possible to run high-volume queries for all customer information in the systems,” Swisscom said. “In addition, two-factor authentication will be introduced in 2018 for all data access required by sales partners.”

“These measures mean that there is no chance of such a breach happening again in the future.”
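The volume control Swisscom describes (unusual partner activity raises an alarm and blocks access) can be sketched as a sliding-window check on how many distinct customer records one partner credential reads. This is an added example, not Swisscom's implementation; the class name, partner IDs, window, threshold, and log events are all constructed assumptions.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 3600  # assumed look-back window
MAX_RECORDS = 200      # assumed ceiling on distinct customers per partner per window


class PartnerAccessMonitor:
    """Counts distinct customer records read per partner credential in a sliding window."""

    def __init__(self, window=WINDOW_SECONDS, max_records=MAX_RECORDS):
        self.window = window
        self.max_records = max_records
        self.events = defaultdict(deque)  # partner -> deque of (ts, customer_id)
        self.blocked = {}                 # partner -> timestamp the alarm fired

    def allow(self, ts, partner, customer_id):
        """Return True if the lookup may proceed, False if the credential is blocked."""
        if partner in self.blocked:
            return False
        q = self.events[partner]
        q.append((ts, customer_id))
        while q and q[0][0] <= ts - self.window:  # drop events older than the window
            q.popleft()
        if len({cid for _, cid in q}) > self.max_records:
            self.blocked[partner] = ts  # alarm: stays blocked until reviewed
            return False
        return True


def replay(events, monitor):
    """Feed (ts, partner, customer_id) tuples through the monitor; return lookups served."""
    served = defaultdict(int)
    for ts, partner, cid in events:
        if monitor.allow(ts, partner, cid):
            served[partner] += 1
    return dict(served)


def sample_events():
    """Constructed log: one ordinary partner, one credential enumerating customers."""
    normal = [(i * 900, "shop-017", f"C{i % 25:05d}") for i in range(96)]  # 1 lookup / 15 min
    bulk = [(40000 + i, "shop-042", f"C{i:05d}") for i in range(1000)]     # 1 new record / s
    return sorted(normal + bulk)


if __name__ == "__main__":
    monitor = PartnerAccessMonitor()
    print(replay(sample_events(), monitor), monitor.blocked)
```

Counting distinct records rather than raw requests keeps a partner who reopens the same few accounts below the threshold while still stopping sequential enumeration.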