Cyber Incident Victim: Swisscom
Date:
Sep 2017
Location:
Switzerland
Summary
A major Swiss telecommunications provider experienced a data breach compromising personal information of approximately 800,000 customers, affecting nearly ten percent of the country's population. Attackers exploited compromised credentials of a sales partner with legitimate but limited system access, harvesting non-sensitive customer details including names, addresses, birth dates, and phone numbers—though no passwords, financial data, or call records were accessed. The company detected the incident during routine operational checks and subsequently implemented enhanced security measures such as two-factor authentication for third-party access, stricter access controls, and restrictions on bulk data queries. While no immediate misuse of the stolen data was observed, cybersecurity experts warned of long-term risks including targeted phishing and fraud campaigns leveraging the exposed information. The incident underscored systemic vulnerabilities in third-party vendor security practices.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Swisscom, Switzerland's largest telecommunications provider, experienced a data breach affecting approximately 800,000 customers, representing nearly 10% of the country's population. The incident originated in autumn 2017 but was discovered during routine operational checks conducted by the company. Investigation revealed attackers had compromised the login credentials of an unnamed sales partner, exploiting their legitimate but limited system access rights intended for customer identification, advisory services, and contract management. The breached data consisted of non-sensitive personal information under Swiss law, including first and last names, home addresses, dates of birth, and telephone numbers. No sensitive data such as passwords, payment details, or communication records were accessed. System access at the time required only username and password authentication for sales partners, without additional security layers.

Swisscom implemented multiple security enhancements following the breach, including mandatory two-factor authentication for all partner access, stricter access controls, and prohibitions on bulk customer data queries. The company reported no observable increase in malicious activities like advertising calls targeting affected customers but advised vigilance against unsolicited communications. Industry experts emphasized the long-term risks of exposed personal information, noting potential exploitation for identity fraud, targeted phishing, and financial scams given Switzerland's high-income demographic. While not subject to EU GDPR regulations as a non-EU entity, commentators highlighted the incident's relevance to global data protection standards and erosion of consumer trust. The breach underscored systemic vulnerabilities in third-party security practices, with attackers targeting weaker partner organizations rather than primary corporate defenses. Swisscom's response focused on hardening external access points while maintaining that the compromised data largely consisted of publicly available or commercially obtainable information.
