The current situation
The data center of our IT service provider was hit by a cyber attack over Pentecost 2023. Our IT service provider reacted immediately and took all customer systems offline as a precaution. According to the IT service provider and its specialists, it was not possible to determine at the time whether Soliswiss data had been affected. We provided the first information on the cyber attack on Wednesday, May 31, 2023, as soon as we were able to communicate again via our website and email. We published updates via our publication channels as well as in the annual report and at the AGM.
On February 16, 2024, we were informed that Soliswiss data had been published on the dark web alongside data from other customers. The IT service provider began downloading the data in February 2024 in order to view it. On March 15, the IT service provider was able to complete the data review. At the same time, we commissioned a cyber forensic expert to gain an overview. He confirmed how time-consuming it is to download the data from the dark web. As soon as we had access to the published Soliswiss data, we set about analyzing it so that we now have a good overview of the extent to which sensitive data is affected.
On Friday, June 2, 2023, we informed the Federal Data Protection and Information Commissioner about a potential data leak as a precautionary measure; on February 19, 2024, we made a follow-up notification regarding probable data publication. A further follow-up notification will be made based on the data analysis. We have also fulfilled reporting obligations in various countries. On March 28, 2024, we informed our members, customers and partners by email and on our website as a publication medium under News. We are also in the process of contacting specifically affected members, customers and partners directly.
Assessment of the forensic expert
After analyzing the data concerned and researching the dark web, the risk of data publication was classified as MEDIUM. This is on a scale of low, medium and high.
This assessment is based on the points summarized below.
Negative factors:
– An extensive data collection was discovered that is permanently accessible for free on the dark web.
– A link to the data collection was published in a well-known ransomware forum. The entry in this forum has already been clicked on many times.
Positive factors:
– The form in which the data is available makes access by third parties considerably more difficult. The data is compressed and must be downloaded as a complete archive, which experts estimate will take several weeks. In addition, the data of the Soliswiss cooperative is mixed with that of other customers and cannot be traced back to Soliswiss at first glance.
– The research carried out has shown that there is currently no use of this data.
The leaked data harbors a high risk, but due to the very difficult accessibility, the forensic expert’s assessment is MEDIUM.
The data concerned:
Which data is generally not affected:
– The publication on the dark web does not affect the member database and therefore does not affect, for example, requests for advice or the passport copies sent with the registration.
– Our payment and telephone systems were not in the said network and are not affected. This means, for example, that no credit card information was leaked.
– Outlook and therefore e-mail communication is also not affected.
– Nevertheless, sensitive data relating to our members, customers and partners was published.
What kind of data is included in the published data:
– The address data of customers and members (all data that can be found on a member invoice) have been published
– Data in connection with exclusive products such as the GPPS, the delivery address, as well as lump-sum compensation and assistance fund applications
– Some archive data is also affected (generally older than 5 years), including data relating to the insurance brokerage and asset management services no longer offered at the time
– Contracts and agreements with our partners
– Employee data and other internal data from Soliswiss business operations
– Non-sensitive data, for example our internal knowledge database
If you would like more information about your data:
If you would like a more detailed assessment of which of your data is affected, please do not hesitate to contact us, preferably by email at info@soliswiss.ch. If you are located in the European Union, you may also send requests via our EU representative MLL GDPR to the e-mail address soliswiss@mll-gdpr.com. We will then send you information about your data within 30 days.
What you can do for your safety at this time:
Personal data can be misused. We advise you to be vigilant in general, even if no sensitive personal data is affected by this cyber attack. Soliswiss is not the only organization that has been hit by this cyberattack.
What can be done with stolen digital personal data?
Depending on its content, stolen digital personal data can be misused for various illegal purposes, including:
– Identity theft: Thieves can assume your identity to impersonate you online or offline.
– Financial fraud: Thieves may use your stolen information to apply for credit cards, open bank accounts or conduct other financial transactions.
– Phishing: Thieves may use your personal information to send fake emails or messages designed to trick you into revealing sensitive information.
– Online fraud: The stolen data can be used to gain unauthorized access to your online accounts or to carry out fraudulent activities in your name.
How can you protect yourself?
– Regularly monitor your financial and credit accounts to detect suspicious activity.
– Activate two-factor authentication for all your online accounts for added protection.
– Be careful when handling personal information on the phone and online and only share it on trusted websites (recognizable by the “https://” in the browser line or the lock or key symbol in the status bar).
– Use strong, unique passwords for your online accounts and change them regularly.
– Report suspicious activity immediately to your bank, credit card companies and the authorities.
– Inform your immediate environment, i.e. friends and family, so that they are also on their guard against unusual phone calls or e-mails from potential fraudsters.
On the website of the Federal Office for Cyber Security (BACS), you will find helpful information on protecting your data, current topics and threats: https://www.ncsc.admin.ch/ncsc/en/home/infos-fuer/infos-private.html