SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Mega breach: 800,000 Swisscom customers’ data stolen via hacked partner
Fri, 9th Feb 2018

News broke recently of a huge data leak at major Swiss telco provider, Swisscom.

Affecting around 800,000 customers, the leak came when security at an external sales partner was breached, prompting the Swiss group to tighten access to its files.

Swisscom stressed that the leaked data contained only "non-sensitive information" like customers' names, addresses, telephone numbers and dates of birth, with no hyper-sensitive information like passwords or payment data.

High-Tech Bridge CEO Ilia Kolochenko and WinMagic EMEA VP Luke Brown say this "non-sensitive information" is anything but, and while Swisscom may be playing the incident down, the implications of the breach will be far and wide.

"Globally speaking, it's a drop in the multi-billion ocean of data breaches. However, for Switzerland, it is a very important data breach that will likely impact almost every family in the country," Kolochenko says.

"The allegedly stolen data provides cyber criminals with a great wealth of opportunities: from impersonation and password recovery, to various spear phishing and sophisticated fraud campaigns. Switzerland is one of the most wealthy countries and represents a great interest for cyber gangs. This data can be exploitable during the next few years and may cause substantial harm in the long run."

Brown says the breach and Swisscom's claim that the customer data taken is non-sensitive underlines a huge misunderstanding between many companies and their customers.

"Customers share data on the basis that it will be respected and protected – to them all data shared privately is sensitive," Brown says.

"The industry has spent years telling web users how to protect themselves from identity fraud, and now the industry has to eat its own dog food, and make sure all customer data is persistently encrypted and protected from data breaches – it is the last line of defence for customers and the company."

It all came to light during a routine check of operations that revealed malicious parties had stolen access rights of the sales partner late last year to ultimately swindle the data from Swisscom.

Since the breach, Swisscom has blocked the unknown partner's access and put in place new policies that ban high volume queries for all customer information and require two-factor authentication for all data access by sales partners.

Kolochenko says security of third-parties (like partners) is a major and widely unaddressed problem these days, with many large financial institutions and eCommerce businesses already having lost millions of records because of hacked third-parties.

“Cyber criminals won't assault the castle, but will instead find a weak supplier with legitimate access to the crown jewels. However, the good news is that we see more and more companies who rigorously implement, for example, vendor risk assessment policies now, to prevent such risks,” says Kolochenko.

“Swisscom's efforts to mitigate and investigate the breach are laudable, but they won't really help the victims. Free webinars on cyber security and phishing prevention for the victims would be very helpful to prevent exploitation of the stolen data and to raise their overall level of security awareness.”