Swisscom info and facts

Protecting customer data has highest priority

Berne, 20 December 2013

On 18 September 2013 the Neue Zürcher Zeitung NZZ announced that its editorial office was in possession of four data tapes originating from Swisscom data centres. Swisscom immediately filed a criminal complaint against persons unknown. During the investigation, the NZZ refused to reveal its sources and in recent weeks has apparently analysed the data further and also disclosed individual customer names in a further article published on 20 December 2013, even though there is no public interest in the publication of such information. On the contrary, this amounts to a violation of the personal rights of customers. To protect the interests of its customers, Swisscom demands that the NZZ immediately release and destroy those data that are still in its possession and refrain from publishing any further articles; Swisscom is considering legal action against the newspaper.

According to an article published in the NZZ on 18 September 2013, the newspaper’s editorial office was in possession of four data tapes originating from Swisscom data centres. As Swisscom treats the protection of customer data as a matter of the highest priority, it immediately instigated legal proceedings against persons unknown and informed the Federal Data Protection Commissioner. It is still assumed that the act was motivated by criminal intent.

Over the course of the investigation, Swisscom received information about the stolen data tapes and their contents, or at least the data that were not damaged. The tapes contained only data backed up internally by Swisscom between 2008 and 2010. Swisscom was only able to retrieve three of the four stolen data tapes. A fourth tape was allegedly destroyed by whoever passed the others on. This much emerged from the investigations by the public prosecutor. Swisscom can therefore analyse the content of the fourth tape based on the meta data received from the NZZ but can no longer evaluate the individual datasets.

NZZ in breach of privacy rights with its publication

The NZZ is apparently still in possession of a copy of the data and has been evaluating the data further in the last few weeks. Swisscom sees NZZ’s publication as a violation of customers‘ privacy rights. There is no public interest in such publication. In publishing the article over three months after disclosure of the data theft, NZZ must accept that it has violated the privacy rights of Swisscom customers.

To protect its customers‘ interests, Swisscom demands that NZZ immediately hand over and destroy the data that are still in its possession and refrain from publishing names and information on persons that were identified and downloaded from the Swisscom data tapes that came into its possession illegally. To further underline its demands, Swisscom is considering legal action.

Security has been further improved

Swisscom immediately instigated measures aimed preventing a similar incident from recurring. Since 2012, data have been stored only on a variety of hard disks at distributed locations. Due to the fact that the data are distributed, each hard disk contains only individual fragments of data. It would therefore take a great deal of effort to extract any useable information from just one or a small number of hard disks. Additional measures have also been implemented to further increase security. These include installation of a screening system (metal detector and X-ray) in the new data centre in Wankdorf.

Download