Data theft of 800’000 Swisscom customers

12febAll DayData theft of 800’000 Swisscom customers

Event Details

What are the risks that they do not disclose?

Switzerland is not spared, and this type of theft does not only happen to others. It is important to remember that the number of cases of data piracy continues to increase and that the Swisscom case represents only a modest event compared to the billions of personal data compromised via the accounts of Yahoo, MySpace, Ebay , LinkedIn, Dropbox.

As a customer or user, should we worry, since the data stolen from Swisscom is not considered sensitive? The answer is unfortunately yes, since the stolen phone numbers and names are now most likely accessible on the darknet. They attract the greed of a multitude of malicious actors who are willing to exploit them for illicit purposes .

(The video doesn’t start? There is an issue with the RTS streaming.
Workaround: after hitting “play”, click on the timeline, just right of the dot, say at 0:02, and it will play normally.)

Jeff Primus, CEO of ACTAGIS, was interviewed on this subject for the “19h30” of the RTS on February 7, 2018.

The risks associated with this type of data theft are far from negligible and are not limited to receiving unwanted advertising calls. In reality, several scenarios of attacks remain entirely possible. For example, using “social engineering” methods, it is very easy for a malicious entity to use the stolen data to subtly obtain other more sensitive information. In other cases, the attacker will be able to exploit the stolen data by using a messaging or IP telephony application, in order to discover the vulnerabilities of the users.

By unveiling, early February 2018, that it was the victim of a piracy of its customers’ information at the end of 2017, Swisscom is probably at the top of the list for this type of incident in Switzerland. So why did Swisscom wait 4 months before announcing these facts to the general public? So far, we do not have a satisfactory explanation from Swisscom, but we think they should have warned the victims of this hacking without such a lengthy delay.

With the new European GDPR (General Data Protection) Act and the Swiss Data Protection Act, the situation for Swiss companies could quickly change. For example, the GDPR will require Swiss companies processing European citizens’ data to apply preventive, detective, and corrective security measures and to rapidly announce this type of incident to stakeholders.

In the event of a breach of the regulations, the company in question could pay a fine of up to 4% of international revenu. That should get companies thinking, if they haven’t yet found the motivation to devote a reasonable security budget for the products and services they offer their customers.

ACTAGIS Academy

Governance
Informatique

Sécurité & Gestion du Risque

Business
Continuity

Gestion de la
Qualité

Tous les cours certifiants en un clin d'oeil

Formations certifiantes ISACA

Formations certifiantes ISO & PECB

Options de Formations Certifiantes

CISA

COBIT 2019

CGEIT

ISO 20000

ISO 27001

ISO 27701

ISO 27005

ISO 27032

Lead Cloud Security Manager

GDPR

ISO 31000

CRISC

CISM

CISSP

SABSA

ISO 22301

BCI

Gestion des politiques & programmes

Cours d’analyse d’impact sur les entreprises

Développement & gestion du plan de continuité des activités

Réponse aux incidents & gestion des crises

Conception & réalisation d’exercices efficaces

ISO 9001

ISO 14001

ISO 45001

ACTAGIS Academy

IT Governance

Security & Risk Management

Business Continuity

Quality Management