The embarrassing IT security weak spot in the Swisscard system, which has since been fixed, was reported to the Rundschau programmeExternal link on Swiss public television, SRF, on Monday.
The information included the names of the travellers, their date of birth, the number of first- and second-class tickets purchased and the place of departure and destination.
The hacker told Rundschau that the recent attack required no specialist IT knowledge: “The sensitive data was practically public on the internet.”
The data was never made public and has been returned to Swiss Railways. The hacker said they had no criminal intent but merely wanted to expose the problem.
The Federal Data Protection Commissioner was informed of the security breach.
‘Potential for abuse’
“This is a huge meltdown for Swiss Railways,” Otto Hostettler, a journalist and author specialising in internet crime, told Rundschau. “Such data can be sold in hacker forums on the dark web. In the wrong hands it would have great potential for abuse.”
This has been demonstrated by hacks into Swiss municipal databases in recent months, including the towns of Montreux and Rolle in western Switzerland.
What do you think Switzerland’s Alain Berset can bring to the Council of Europe?
The former interior minister is to become the first Swiss Secretary General of the Council of Europe – which issues should his five-year term focus on?
How is your country dealing with the return of stolen artifacts?
Western nations like Switzerland often have to deal with the process of recovering or returning looted artifacts which have been illegally imported. What’s the situation like in your country?
If you want to start a conversation about a topic raised in this article or want to report factual errors, email us at english@swissinfo.ch.
Read more
More
Hackers target the Swiss town of Montreux
This content was published on
Hackers have carried out a cyber attack against databases belonging to the Montreux authorities in southwestern Switzerland.
Successful hacking group targets Swiss towns, companies, hospitals
This content was published on
A group that hacked a Swiss town and posted datan on the Darknet has threatened to target other municipalities, companies or hospitals.
You can find an overview of ongoing debates with our journalists here . Please join us!
If you want to start a conversation about a topic raised in this article or want to report factual errors, email us at english@swissinfo.ch.