Swiss perspectives in 10 languages

Hacker finds data security weak spot in Swiss railway system

A conductor checks a Swisspass card on a train
Around 500,000 commuters on Swiss public transport were potentially exposed to the security weak spot, according to Swiss public television. © Keystone / Christian Beutler

An anonymous hacker gained access to the personal data of thousands of passengers who bought tickets from Swiss Federal Railways.

The embarrassing IT security weak spot in the Swisscard system, which has since been fixed, was reported to the Rundschau programmeExternal link on Swiss public television, SRF, on Monday.

The information included the names of the travellers, their date of birth, the number of first- and second-class tickets purchased and the place of departure and destination.

The hacker told Rundschau that the recent attack required no specialist IT knowledge: “The sensitive data was practically public on the internet.”

The data was never made public and has been returned to Swiss Railways. The hacker said they had no criminal intent but merely wanted to expose the problem.

The Federal Data Protection Commissioner was informed of the security breach.

‘Potential for abuse’

“This is a huge meltdown for Swiss Railways,” Otto Hostettler, a journalist and author specialising in internet crime, told Rundschau. “Such data can be sold in hacker forums on the dark web. In the wrong hands it would have great potential for abuse.”

This has been demonstrated by hacks into Swiss municipal databases in recent months, including the towns of Montreux and Rolle in western Switzerland.

The group that hacked the Rolle database posted information on the dark net and warned it could attack other towns, companies or hospitals.

Swiss news magazine Beobachter reported that 2,700 Swiss companies fell victim to ransomware hacks between August 2020 and August 2021. An article in Le Temps newspaper in December estimated that around 2,000 ransomware attacks targeted Switzerland last year.

Swiss companies fear cyberattacks more than Covid-19 disruptions, according to a survey by insurer Allianz published earlier this month.

Popular Stories

Most Discussed

News

In compliance with the JTI standards

More: SWI swissinfo.ch certified by the Journalism Trust Initiative

You can find an overview of ongoing debates with our journalists here . Please join us!

If you want to start a conversation about a topic raised in this article or want to report factual errors, email us at english@swissinfo.ch.

SWI swissinfo.ch - a branch of Swiss Broadcasting Corporation SRG SSR

SWI swissinfo.ch - a branch of Swiss Broadcasting Corporation SRG SSR