Dataleak

Data has been leaked. You may be blackmailed with the publication of this data. You want to report a data leak.

There are many causes of data leaks, ranging from employee theft, forgotten and poorly maintained servers to backups that are not properly protected. In many cases, the company/the authority where the data leak has occurred is blackmailed with the publication of the data.

Specific measures

Identify the affected systems, determine whether the attackers were able to copy data and prevent further data leaks. If the necessary expertise is not available in your company/your authority, seek support from a specialised company.
Client communication is of vital importance. Draw up a communication concept before you fall victim to a cyberattack. This needs to answer the questions of whether and how clients should be informed, who will do so and through which channels the communication should be carried out.
Prepare an emergency plan (business continuity management), which describes how you can continue to work if IT is unavailable for a prolonged period. Like the communication concept, the emergency plan must be drawn up before an incident occurs. There is no time for this once you have been targeted.
Get an overview of the potential data loss and estimate the risk for the individual pieces of data.
In accordance with Article 24 of the new Federal Act on Data Protection (nFADP), which enters into force on 1 September 2023, data security breaches must now be reported to the FDPIC if the persons affected by the data leak are exposed to an increased risk of their privacy or basic rights being infringed as a result. The requirement applies to private individuals, businesses and federal bodies. Reports to the FDPIC must be submitted as soon as possible. You can find the reporting form here: https://databreach.edoeb.admin.ch/report
If personal data is affected, and depending on where the business is located, the provisions of the European Union's European General Data Protection Regulation (GDPR) may also have to be complied with.
Report the matter to your local cantonal police. They will then initiate the necessary investigations. You can search for police stations in your area and their telephone numbers on the Suisse ePolice website:
www.suisse-epolice.ch/#/search-station (in French, German, Italian).

Preventive measures

Keep database applications and all other systems in your company/your authority up to date.
Avoid databases being accessible on the internet.
Provide employees with training on how to deal with email.
You can further strengthen your IT infrastructure's protection against malware by using Windows AppLocker, which allows you to define which programs can be run on the computers in your company/your authority.
Block the receipt of potentially dangerous email attachments on your email gateway. A more detailed updated list can be found onat:
Potentially dangerous email attachments
In addition, all email attachments containing macros (e.g. Word, Excel or PowerPoint attachments that contain macros) should be blocked.

Effects and risks

For companies, undesired data leaks can lead to costs and work, but especially to a loss of reputation
Loss of confidential data
Loss of client data.

Further Information

You will find further information on our website:
Companies: A data leak – what next?
Authorities: A data leak – what next?

Dataleak

National Cyber Security Centre NCSC

National Cyber Security Centre NCSC

Dataleak

Main Navigation

National Cyber Security Centre NCSC

Search

Breadcrumb

Dataleak