Breach at Partner Impacts 800,000 Swisscom Customers



Data was compromised following a breach due to what Swisscom is calling a "misappropriation of a sales partner's access rights."

Swisscom, a major telecom based in Bern, Switzerland, was forced to tighten its security this week after the company learned data on roughly 800,000 of its customers was leaked late last year.

The breach wasn't Swisscom's fault; an external sales partner was hacked last autumn and due to what the service is calling a "misappropriation of a sales partner's access rights," data was compromised. Sales partners regularly receive customer data when customers enter a service agreement with the telecom

Customers' names, addresses, telephone numbers, and dates of birth were exposed by the breach, "non-sensitive" data under Swiss Federal Data Protection Act.

The company didn't specify when it made the discovery but said in a press release on Wednesday it noticed it during a routine check of operational activities. After it detected the breach Swisscom says it launched an investigation into it and reported the issue to Switzerland's Federal Data Protection and Information Commissioner (FDPIC).

The company did not specify which sales partner was hit.

In a statement Swisscom insists its systems weren't impacted by the incident and that no sensitive data was stolen. No passwords, conversations or payment data were leaked, according to the telecom.

For what it's worth the telecom claims it hasn't noticed a spike in robocalls or other scams against customers who had their numbers leaked.

In wake of the breach Swisscom said it immediately blocked access for the partner company. The telecom says it also plans to introduce two-factor authentication this year for sales partners who access data, implement tighter controls that flag unusual activity, and halt users ability to run high volume queries of customer data.

It's the second major telecom breach reported this year.

Bell Canada, Canada's largest telecommunications company, said in January it had recently discovered a breach exposing the data of 100,000 consumers. It didn’t specify when the breach occurred but said users’ names, email addresses, account user names and numbers, and phone numbers were impacted. That breach came eight months after a separate breach leaked 1.9 million emails and approximately 1,700 names and active phone numbers belonging to the telecom's customers.

Swisscom photo via gregcutler's Flickr photostream, Creative Commons

Chris Brook

WHITEPAPERS

The Definitive Guide to Data Loss Prevention

Chris Brook

Chris Brook is the editor of Data Insider. He is a technology journalist with nearly a decade of experience writing about information security, hackers, and privacy. Prior to joining Digital Guardian he helped launch Threatpost.