Online counter EasyGov hacked
Criminal hackers have allegedly succeeded in stealing a list containing the names of up to 130,000 companies that applied for Covid 19 credit via the EasyGov platform in 2020. According to current knowledge, no other data apart from the company names was stolen, as Seco emphasises. As the operator of Easy-Gov, immediate measures were taken and an investigation initiated.
About the web platform www.easygov.swiss in August 2021, criminal hackers used an automated query to steal a list with the names of up to 130,000 companies, according to Seco. These companies had applied for a Covid 19 loan in 2020, at the height of the pandemic-related economic crisis.
Not affected are those companies that have already repaid the loan in full, as well as all confidential company data such as bank details, IBAN number, contact persons, etc., Seco stresses. The loan amount as part of the attacked data collection was not tapped by the hackers, according to the information. The data of the companies registered on EasyGov was also not affected.
According to an analysis of the access logs, an attack with up to 544,000 accesses per day was detected between 10 and 22 August 2021. A total of 1.3 million queries were made in August. An automated query was carried out on the basis of the UID numbers and a list of companies that have applied for a Covid 19 loan and have not yet repaid it could be created with a high degree of probability, according to the media release.
"Only" public area affected
The attacked web interface was closed within a few minutes. The data viewed was removed from the server and the process used on EasyGov was completely deactivated. According to Seco, the affected correction process for Covid 19 credit applications was available to companies in the public area of EasyGov without a login. In the protected area (i.e. with login), such an automated query was excluded.
The National Cyber Security Centre (NCSC) is supporting and advising Seco in this case. The investigations are being pursued at full speed. Seco is not aware of any other security leaks, the office said.
EasyGov is the online counter for companies. Thanks to this platform, official procedures can be handled easily, quickly and efficiently. The platform enables companies to handle approval, application and registration procedures electronically in a single place. EasyGov relieves the burden on companies and saves costs for the authorities. The online counter had been spared cyberattacks since its launch at the end of 2017 until this incident. The cyber attack that took place is being comprehensively investigated and all necessary measures are being taken to ensure that the platform is also secure in the future in the public area (without login), it concludes.
Source: Seco
