Swisscom info and facts
Berne, 20 December 2013
According to an article published in the NZZ on 18 September 2013, the newspaper’s editorial office was in possession of four data tapes originating from Swisscom data centres. As Swisscom treats the protection of customer data as a matter of the highest priority, it immediately instigated legal proceedings against persons unknown and informed the Federal Data Protection Commissioner. It is still assumed that the act was motivated by criminal intent.
Over the course of the investigation, Swisscom received information about the stolen data tapes and their contents, or at least the data that were not damaged. The tapes contained only data backed up internally by Swisscom between 2008 and 2010. Swisscom was only able to retrieve three of the four stolen data tapes. A fourth tape was allegedly destroyed by whoever passed the others on. This much emerged from the investigations by the public prosecutor. Swisscom can therefore analyse the content of the fourth tape based on the meta data received from the NZZ but can no longer evaluate the individual datasets.
The NZZ is apparently still in possession of a copy of the data and has been evaluating the data further in the last few weeks. Swisscom sees NZZ’s publication as a violation of customers‘ privacy rights. There is no public interest in such publication. In publishing the article over three months after disclosure of the data theft, NZZ must accept that it has violated the privacy rights of Swisscom customers.
To protect its customers‘ interests, Swisscom demands that NZZ immediately hand over and destroy the data that are still in its possession and refrain from publishing names and information on persons that were identified and downloaded from the Swisscom data tapes that came into its possession illegally. To further underline its demands, Swisscom is considering legal action.
Swisscom immediately instigated measures aimed preventing a similar incident from recurring. Since 2012, data have been stored only on a variety of hard disks at distributed locations. Due to the fact that the data are distributed, each hard disk contains only individual fragments of data. It would therefore take a great deal of effort to extract any useable information from just one or a small number of hard disks. Additional measures have also been implemented to further increase security. These include installation of a screening system (metal detector and X-ray) in the new data centre in Wankdorf.