Rolle, Switzerland

Rolle is a municipality located in the canton of Vaud in Switzerland, functioning as a local government authority responsible for providing essential public services and administrative functions to its resident population. Its core operations encompass the management of civil registries, local infrastructure, public utilities, education, social services, and law enforcement within its territorial boundaries. The municipality holds and processes a comprehensive array of sensitive personal data necessary for governance, including resident registration details, fiscal records, permits, and information related to public health and safety. As a governmental entity, its primary market or constituency is the citizens and businesses within its jurisdiction, operating under Swiss federal and cantonal legal frameworks. The scale of its operations, while not quantified in population or budgetary terms, is implicitly defined by its responsibility for the entire local population, as evidenced by a catastrophic data breach that exposed information on every resident.

The defining event in the recent public record for the municipality of Rolle is the severe ransomware attack that occurred on May 30, 2021. Initial assessments by local officials dramatically underestimated the incident, with early statements suggesting only non-sensitive email data was affected. Subsequent, deeper investigations revealed a catastrophic compromise of the municipality's entire data estate, exposing highly sensitive personal information for the whole population. This data trove included full names, addresses, birth dates, social security numbers, residency permit details, religious affiliations, complete school records with grades, records of COVID-19 infections specifically among children, employee performance evaluations, and some criminal records. The municipality formally admitted to having underestimated both the severity of the attack and the subsequent risks posed by the dark web circulation of such data, acknowledging the potential for significant misuse. In response to the breach, a criminal complaint was filed with authorities, and a dedicated taskforce was established to manage the crisis, mitigate harm, and oversee the recovery and reinforcement of the municipality's cybersecurity posture following this profound failure in data protection.