Full names and phone numbers of all 2,800 employees of the Bernese cantonal police have been leaked to hackers.
The National Cyber Security Center (NCSC) informed the Bern cantonal police on July 21 about a previously unknown security vulnerability in the MobileIron app installed on smartphones of police employees. The app, which is provided by the IT software company Ivanti, is used worldwide to ensure a connection between a smartphone or laptop and servers at company headquarters.
The security gap was quickly closed, but the data had already been leaked, confirmed Flurina Schenk, media spokeswoman for the Bern cantonal police in an interview with Swiss public television, SRF.
The stolen information, including names and phone numbers of police officers, is considered sensitive because it could be used to target police officers. According to the Bern cantonal police, it is not known who stole the data. There’s no evidence thus far that the data has been published online. An investigation has been opened.
Authorities abroad, most recently in Norway, have also fallen victim to the MobileIron security vulnerability.
Switzerland has faced a surge in cyber attacks recently. In June, hackers published data from the Federal Office of Police (Fedpol) and the Federal Office for Customs and Border Security on the Darknet, after exploiting a vulnerability on the servers of the company that hosted it.
Swiss federal railways, Swiss media groups, defence contractor RUAG, the International Committee of the Red Cross (ICRC) and several websites of the federal administration also faced attacks.