Ddos Swisscom, the Swiss mobile operator, acknowledged on Wednesday that its data system was hacked at the end of last year and about 800,000 customers contact information was stolen, accounting for 10% of Switzerland’s total population.
These include the customer’s name, address, phone number, and date of birth, which is unknown at the moment and is disclosed by a third party sales partner from Swisscom.
However, Swisscom also said that the customer’s password, call history, and payment data were not affected, nor did it receive any loss reports from customers. The data breach was discovered through a routine inspection of the company’s activities and is under investigation.
Swisscom stresses: “the system was not hacked and no sensitive data, such as passwords, conversation or payment data, was affected by the incident. Rigorous long-established security mechanisms are already in place in this case.”
The search for the partner company was immediately blocked after a hacker was found. Some changes have been made to better protect third-party companies’ access to these non-sensitive personal data. These changes include the introduction of two-factor authentication in sales partner accounts and the reduction of the ability to run large-volume queries.
It states that any unusual activity on the third-party account will now trigger an alarm and block access. “Swisscom stresses that the system was not hacked and no sensitive data, such as passwords, conversation or payment data, was affected by the incident. Rigorous long-established security mechanisms are already in place in this case.”
Support Our Threat Intelligence
If you find our CVE report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
