
Cyber Incident Victim: Ausgleichskasse Swissmem

Date: Jan 2025

Location: Switzerland

Summary

A cyberattack targeted Ausgleichskasse Swissmem, compromising data including personal and administrative information such as benefits, contributions, and salary details, though no financial theft occurred. The breach involved unauthorized access to systems, leading to data encryption and theft of a document containing personal data from the Eidgenössische Ausgleichskasse (EAK) mistakenly stored in Swissmem's test environment due to human error by a software developer. The organization isolated affected systems, restored operations, and notified federal authorities and law enforcement. Approximately 200,000 insured individuals—active contributors and retirees—were potentially impacted, with no evidence yet of data misuse. External specialists assisted in forensic investigations while impacted parties were advised to remain vigilant against suspicious communications.


Description

The cyberattack on Ausgleichskasse Swissmem, a Swiss social security fund serving approximately 200,000 insured members across 1,300 companies in the machinery, electrical, and metals industries, was first detected during the weekend of January 4-5, 2025. Swissmem's internal specialists immediately isolated affected systems from external networks upon discovery. Forensic analysis confirmed unauthorized actors had exfiltrated data during a brief window of access, though the specific categories of compromised information remained undetermined at initial disclosure—potential impacts included administrative records, personal identifiers, benefit contributions, wage details, and pensioner data. No financial theft occurred. Swissmem fully restored operations by January 9 after rebuilding IT systems from scratch, confirming all encrypted or locked data had been recovered internally. The organization notified Zurich Cantonal Police, filed criminal charges, and engaged external cybersecurity experts to support ongoing forensic efforts, which had not yet identified the attack's origin. Authorities including the Federal Data Protection Commissioner, Federal Social Insurance Office, and National Cybersecurity Centre were alerted. Swissmem issued warnings to members urging vigilance against phishing attempts or fraudulent communications exploiting stolen data, though no evidence of misuse existed at the time.

A subsequent investigation revealed that the breach also impacted the Federal Compensation Fund (EAK) through an unrelated exposure pathway. On February 28, 2025, software developer M&S Software Engineering AG notified EAK that a document containing personal data of EAK-insured individuals had been erroneously stored on Swissmem's test environment—a configuration error attributed to human error at the vendor. This document was stolen during the January 3 intrusion against Swissmem, though EAK confirmed no other client data was compromised. Both Swissmem and EAK emphasized the incident resulted from third-party procedural failures rather than organizational negligence. EAK coordinated with the same federal oversight bodies as Swissmem and reiterated advisories about potential misuse of personal information. Continuous monitoring found no indications of malicious data exploitation. Updates were provided through official channels while forensic reviews and corrective actions with involved parties continued.
