14.12.2022 - Cyber attack on Infopro AG

14.12.2022 - The aim of the FDPIC's ongoing preliminary investigation is to supervise the work to regain control over compromised customer data and thus to ensure correct compliance with data protection information obligations. This work is being carried out under great time pressure.

The FDPIC has been in contact with those responsible at Infopro AG, the National Centre for Cybersecurity (NCSC), and the cantonal data protection authorities since the revelation that Infopro, which processes personal data on behalf of the company Winbiz, was the victim of a serious cyberattack.

In this context, the FDPIC has received enquiries from Infopro AG's business clients about this matter, which it is answering on an ongoing basis. Insofar as personal data is concerned, the FDPIC has drawn the attention of these customers to their obligations to provide information and limit damage under data protection law and has noted that the companies concerned are endeavouring to fulfil these obligations within a very narrow timeframe.

Since the beginning of this week, the FDPIC has also received requests from business clients of Fiducial Winbiz SA as they can no longer access their data, which was stored by Winbiz on the Infopro servers affected by the cyberattack. In addition, the FDPIC also received indications on 13 December 2022 that business clients of Fiducial Winbiz SA had allegedly gained access to data of other Winbiz clients. As part of the ongoing preliminary investigation, the FDPIC has today sent Fiducial Winbiz SA a list of questions and asked it to comment within a short time on the reported violation of access restrictions.