Cyber Incident Victim: Kanton Basel-Stadt
Date: Jan 2023
Location: Switzerland
Summary
A hacker group compromised business computer data belonging to an employee of the Erziehungsdepartement in Basel-Stadt, most likely by means of a malicious email attachment, and thereby gained access to the isolated "eduBS" network used by local teachers and students. The attackers subsequently issued a ransom demand, prompting the department to conduct comprehensive system reviews, which confirmed that data exposure was limited and that the intrusion had not propagated to other networks. While the exact nature of the affected data remains under investigation, authorities filed a criminal complaint with the Basel-Stadt public prosecutor's office. The incident assessment indicates no evidence of further systemic compromise beyond the initial breach.
Description
On or around January 25, 2023, the Erziehungsdepartement (Education Department) of the Canton of Basel-Stadt experienced a cybersecurity incident involving unauthorized access to business computer data belonging to an employee. The breach occurred when a hacker group successfully compromised the 'eduBS' network—a segregated system providing services exclusively to Basel's teachers and students, physically isolated from the canton's primary data network. Preliminary investigations indicated the attackers likely gained entry through a malicious email attachment opened by the affected employee. During the night of January 25-26, the department received a ransom demand from the perpetrators, confirming the intrusion's criminal nature. The department promptly initiated a comprehensive review of all systems over subsequent days to assess the compromise's scope and filed a criminal complaint with the Basel-Stadt Public Prosecutor's Office against unknown individuals.

Forensic analysis conducted in the immediate aftermath determined the attack remained contained to a limited dataset, with no evidence of lateral movement across departmental or cantonal networks. While the exact nature and sensitivity of the exfiltrated data remained under investigation, authorities confirmed only a small volume of information was affected. The department maintained operational continuity throughout the incident response, prioritizing system integrity verification and stakeholder communication. No disruptions to educational services or broader administrative functions were reported. The isolation of the eduBS network from core cantonal infrastructure proved effective in limiting the attack's reach, though the investigation into the precise data exposure continued beyond the initial containment phase.
