Swiss perspectives in 10 languages

Hacker finds data security weak spot in Swiss railway system

A conductor checks a Swisspass card on a train
Around 500,000 commuters on Swiss public transport were potentially exposed to the security weak spot, according to Swiss public television. © Keystone / Christian Beutler

An anonymous hacker gained access to the personal data of thousands of passengers who bought tickets from Swiss Federal Railways.

The embarrassing IT security weak spot in the Swisscard system, which has since been fixed, was reported to the Rundschau programmeExternal link on Swiss public television, SRF, on Monday.

The information included the names of the travellers, their date of birth, the number of first- and second-class tickets purchased and the place of departure and destination.

The hacker told Rundschau that the recent attack required no specialist IT knowledge: “The sensitive data was practically public on the internet.”

The data was never made public and has been returned to Swiss Railways. The hacker said they had no criminal intent but merely wanted to expose the problem.

The Federal Data Protection Commissioner was informed of the security breach.

‘Potential for abuse’

“This is a huge meltdown for Swiss Railways,” Otto Hostettler, a journalist and author specialising in internet crime, told Rundschau. “Such data can be sold in hacker forums on the dark web. In the wrong hands it would have great potential for abuse.”

This has been demonstrated by hacks into Swiss municipal databases in recent months, including the towns of Montreux and Rolle in western Switzerland.

The group that hacked the Rolle database posted information on the dark net and warned it could attack other towns, companies or hospitals.

Swiss news magazine Beobachter reported that 2,700 Swiss companies fell victim to ransomware hacks between August 2020 and August 2021. An article in Le Temps newspaper in December estimated that around 2,000 ransomware attacks targeted Switzerland last year.

Swiss companies fear cyberattacks more than Covid-19 disruptions, according to a survey by insurer Allianz published earlier this month.

Popular Stories

Most Discussed

News

Two men charged by the MPC with money laundering

More

Two Swiss men charged with money laundering

This content was published on One million francs, 34 million euros and around 830 kilos of gold: this is the fortune that two Swiss nationals are accused of having moved across borders for at least four years.

Read more: Two Swiss men charged with money laundering
Richemont reports lower first-half results

More

Richemont reports lower first-half results

This content was published on Geneva-based luxury goods group Richemont reported a downturn in performance for the first half of its 2024/25 financial year. Both sales and profit declined.

Read more: Richemont reports lower first-half results

In compliance with the JTI standards

More: SWI swissinfo.ch certified by the Journalism Trust Initiative

You can find an overview of ongoing debates with our journalists here . Please join us!

If you want to start a conversation about a topic raised in this article or want to report factual errors, email us at english@swissinfo.ch.

SWI swissinfo.ch - a branch of Swiss Broadcasting Corporation SRG SSR

SWI swissinfo.ch - a branch of Swiss Broadcasting Corporation SRG SSR