No audits for 15 years: has the hacked Xplain never been audited?

class=”sc-29f61514-0 icZBHN”>

These are sensitive data that the Xplain company works with. The company from Interlaken BE collected numerous data from the Federal Police (Fedpol), customs and the army. Hundreds of gigabytes of data were stolen in a hacker attack in May and later posted to the dark web. Now it is clear: neither Fedpol nor the Customs Administration has conducted so-called audits – i.e. standardized checks to determine whether data security is guaranteed – in the last fifteen years. This is what the “Tages-Anzeiger” writes. The newspaper had requested access to the audits through the Public Information Act.

The federal government should actually check whether Xplain can guarantee data security. This is required by data protection law. Only after the audit would he be allowed to share the sensitive data.

The federal government denies the allegations

Fedpol and the customs administration reject the allegations against the “Tages-Anzeiger”. “Whether and to what extent data protection law was violated and whether alternative measures to ensure data security were sufficient is the subject of ongoing investigations.”

The Russian group Play is suspected of being behind the cyber attack. Because Xplain refused to pay the ransom in consultation with the federal government, the hackers published data in multiple tranches on the dark web. At the end of June, the Federal Council approved the mandate for a crisis team called “Data Outflow”, which will coordinate the work after the attack. (brother)

Source:Blick