Cyber Incident Victim: Diocese of Sion
Date: Dec 2024
Location: Switzerland
Summary
The Diocese of Sion experienced a cyberattack that rendered its website inaccessible, displaying an error message instead. Attackers sent an email claiming to have deleted all data and urged the diocese to make contact to restore operations, though no explicit ransom demand was made. The organization is collaborating with its hosting provider to address the breach and plans to inform staff. Officials noted the website contained primarily public information, minimizing exposure of sensitive data. This incident follows a similar attack on another religious institution where hackers anonymously demanded payment via physical notes but failed to substantiate data theft claims.
Description
On December 7, 2024, the Diocese of Sion experienced a cyberattack that rendered its website inaccessible, displaying only an error message. Employees received an email that day from anonymous attackers claiming to have demonstrated system vulnerabilities by deleting all data. The message urged website administrators to establish contact to reverse the deletion, framing the action as an effort to help secure user data and improve site safety without explicitly demanding ransom. This incident occurred approximately one month after a separate cyberattack on the St. Gallen Abbey precinct, though no direct connection between the two events was established. The Sion attackers maintained communication through email, contrasting with the St. Gallen incident where hackers delivered physical notes via printers threatening Darknet data leaks unless unspecified payments were made. Diocese spokesperson Pierre-Yves Maillard confirmed ongoing efforts to address the outage while awaiting analysis from Procab, the Geneva-based agency hosting the website. Initial assessments suggested minimal exposure of sensitive data since most website content was publicly accessible.

The attack prompted operational disruptions as the diocese coordinated with external technical specialists to investigate system compromises. Roger Fuchs, communications lead for St. Gallen’s Catholic confessional section, described their parallel experience, which involved full server reconstruction from backups without ransom payment, carried out with experts provided through cyber insurance. St. Gallen authorities found no evidence of stolen data published on Darknet platforms despite initial threats. In Sion, response protocols included planned employee communications regarding incident management procedures, while the timeline for data restoration remained uncertain. The diocese emphasized transparency regarding the attack’s public-facing impacts but withheld technical specifics about the intrusion vector or data deletion claims pending forensic review. No further attacker communications or data exposure incidents had been reported by the time of initial media disclosures on December 7-8.
