Cyber Incident Victim: Comparis
Date:
Jul 2021
Location:
Switzerland
Summary
A Swiss price comparison platform experienced a ransomware attack that compromised its network and likely resulted in customer data theft. The company swiftly shut down all IT systems, restored operations in a secure environment, and advised users to reset passwords to prevent account takeovers. Following the incident, customers reported fraudulent calls from individuals impersonating call center staff or insurance brokers, who referenced personal details potentially linked to older address lists rather than the recent breach. The organization warned that stolen information could be exploited for commercial or fraudulent purposes and urged heightened vigilance against unsolicited contacts claiming affiliation with financial institutions. These scam attempts were assessed as opportunistic tactics unrelated to the confirmed data exfiltration from the attack.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 3 motives | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On July 7, 2021, Comparis, Switzerland’s prominent price comparison platform handling over 80 million annual visits, experienced a ransomware attack that compromised its entire IT network. The attack, described by the company as highly organized and criminal in nature, prompted an immediate shutdown of all systems to contain the intrusion. Comparis restored operations within a secure environment following the incident and initiated an investigation with Swiss law enforcement authorities and the Federal Data Protection Commissioner. Forensic analysis revealed that the attackers gained unauthorized access to customer data stored on company systems, though the specific scope of exfiltrated information was not detailed. The platform, which facilitates comparisons of insurance, banking, telecom, and property services, advised all users to reset account passwords preemptively to mitigate credential-based account takeovers. No ransomware group was identified in the available reporting, nor were demands or payment details disclosed.
Following the breach, Comparis customers reported receiving fraudulent communications from individuals impersonating legitimate call center staff or insurance brokers. These scammers referenced recipients’ health insurance providers and other personal details, though Comparis clarified the contacts likely utilized older address lists or random targeting rather than data exclusively from the recent breach. The company warned affected individuals that stolen information could be exploited for commercial or fraudulent purposes by third parties and urged vigilance against unsolicited contacts claiming affiliation with financial institutions. Comparis directed customers to report such attempts to facilitate information sharing with investigating authorities. The incident disrupted service availability during system restoration but did not halt operations indefinitely. No quantitative estimates of impacted users or financial losses were provided in the disclosed information.