The personal data of more than 750 hooligans from Switzerland has been published on the dark web by unknown sources.
Hooliganism is a popular phenomenon all over the world. The term is most commonly associated with violent behavior among football fans, be it against other fans or teams. The Swiss hooligans affected by this major security breach are not regular violent individuals but people registered in federal databases.
The issue has been caused by a serious hacking attack on the servers of Xplain, an IT service provider. It occurred at the beginning of June, but the data was made public later on.
A few words about the HOOGAN database
Hooligan related violence is a major problem in Switzerland. Although not as intense as they used to be in the past, clashes between hooligans and acts of violence are still a serious issue. Such problems affect both ice hockey and football games all over the country.
In order to maintain a safe environment for players and fans, the police have created a HOOGAN database, which keeps hooligans registered in a database.
Based on what they’ve done, different people have faced different penalties, with some of them banned from attending games or having to report to police offices on a regular basis.
By the time of the hacking attack, 1,017 hooligans and their details were included in the HOOGAN database. At the same time, 332 people were under investigation when the attack occurred, so their data is also registered.
Personal details of hooligans are retained for three years after police measures stop.
The connection between Xplain and the police
Xplain is one of the largest IT providers in Switzerland, often associated with governmental institutions, including the police. The Fedpol (Federal Office of Police) is one of the main clients of the service.
The data extract has been taken from an information system established in 2015, according to a representative for the Fedpol.
It’s expected that more data has been breached, but the police servers were the most important capture for the hacking team behind the attack, hence the media attention.
Data for 766 different people registered in the database has been taken. The database is officially known as HOOGAN and aims to keep hooligans away from sporting events in Switzerland.
The files published on the dark web include personal details of hooligans, but no information related to the offenses committed to be on the list, not to mention the measures taken by authorities against them.
People affected by this serious security breach have been informed through letters, according to the Fedpol.
It’s a serious problem for the Swiss IT provider, especially since Switzerland has always been associated with high secrecy in terms of personal data, from banking to police files. It's also expected the people affected to take action against the low security standards of Xplain.
How the hacking attack occurred
According to a police representative, an investigation has been started to understand how these files were stolen. While normally stored on police servers, the respective data was stored with Xplain, hence the breach.
Preliminary results show that Xplain provides various software for the police force in Switzerland, as well as the Swiss justice system. The attack didn't target these particular institutions, though. Instead, it was aimed at Xplain.
Apart from the data extracted from the HOOGAN database, it seems the hacking team behind the attack also grabbed files related to the army, not to mention the Federal Office for Customs and Border Security.
More files from other institutions were also published, yet they didn’t seem to be as important as the HOOGAN database.
Apart from the internal investigations run by Fedpol and Xplain, the Office of the Attorney General has also started a separate investigation. At the same time, the publication of such private information is illegal in Switzerland, so the Fedpol has begun a different criminal investigation to identify the criminals.
The attack didn’t affect the functionality of the HOOGAN database. Instead, it only grabbed a chunk of personal information, which made it public on the dark web. The database is operational.
Investigations are still ongoing
Multiple investigations by different bodies have been started, including one by the Federal Council, which set up a secret cell to coordinate everything and find the people responsible for the hacking attack.
Furthermore, the government has also stepped in and ordered an investigation through the Federal Department of Finance.
It looks like the issue is not related to the Xplain hacking only. Instead, the government also needs to know how a private IT supplier can store sensitive information like the HOOGAN database.
All the investigations are still ongoing and may take weeks or even months. However, given the high level of privacy and anonymity over the dark web, it’s hard to tell whether the officials will find anyone responsible for the attack.