The Swiss government has confirmed that sensitive federal data has been leaked onto the dark web following a ransomware attack on Radix, a non-profit health promotion foundation serving multiple federal offices.
The breach, attributed to the Sarcoma ransomware group, has raised fresh concerns about the security of government contractors and the ripple effects of cyberattacks on public sector data.
Radix, based in Zurich, disclosed it was attacked on June 16, with hackers both stealing and encrypting data.
When ransom demands were not met, the Sarcoma group published approximately 1.3 terabytes of documents—including financial records, contracts, and private correspondence—on its leak portal on June 29.
The Swiss government confirmed on June 30 that the breach resulted in federal data being exposed, though it emphasized that the attackers did not gain direct access to core government IT systems, as Radix operates independently and holds no direct system links.
Authorities are now working with the National Cyber Security Centre (NCSC) to determine which federal offices and datasets are affected.
The NCSC is coordinating investigations, engaging with Radix, law enforcement, and the impacted federal units to assess the scope and potential damage.
Radix has notified individuals whose particularly sensitive personal data may have been involved and has recommended heightened vigilance against phishing attempts, warning that attackers may try to exploit the situation by impersonating trusted contacts to obtain passwords or financial information.
The Swiss Federal Office for Cybersecurity and other relevant authorities are continuing to analyze the leaked data and will provide updates as more information becomes available.
The Sarcoma ransomware group, active since late 2024, is known for aggressive tactics, often exploiting phishing emails, outdated software, and supply chain vulnerabilities to gain access to targets.
Their attacks typically follow a pattern: after breaching a system, they steal and encrypt data, then demand payment under threat of public disclosure. If the ransom is not paid, data is released in stages to increase pressure on the victim.
This incident marks the second major data exposure involving Swiss government information via third-party providers in recent months, highlighting the persistent risks posed by supply chain cyberattacks.
Swiss authorities are urging all organizations, especially those handling government data, to strengthen their cybersecurity measures and maintain continuous vigilance against evolving threats.
Find this News Interesting! Follow us on Google News, LinkedIn, and X to Get Instant Updates
