Background information
The new Swiss data protection law – what you need to know
by Florian Bodoky
Data theft in popular sport: around one million Swiss citizens affected
2.2.2024
Translation: machine translated
A massive hacker attack on Datasport AG in Gerlafingen (SO) took place at the end of January. The private data of almost one million Swiss citizens ended up in the hands of the perpetrators.
On 1 February 2024, it became known that the company Datasport AG in Gerlafingen, Solothurn, was the victim of a hacker attack. The perpetrators were able to steal around 1.3 million data records. Around 900,000 of these data records related to the company's Swiss customers. The stolen data was then offered for sale in relevant forums.
Datasport AG duly reported the incident to the Federal Data Protection Commissioner. They have been obliged to do so since the revision of the Swiss Data Protection Act.
Who is Datasport AG
The company offers various services for popular sporting events such as city runs, bike races and mountain trails. These include timekeeping, race number management and marketing services. Its customers include countless well-known hobby sports events.
The company also provides participants with a database called myDS. In this database, the company collects certain performance data at specific events on request - such as running times, rankings, etc.
What data was captured?
The data stored in the so-called "myDS-ID" is affected. First and last name, gender, date of birth, nationality, preferred language, postcode, email and home address and telephone number are stored there. However, Thomas Bachofner, CEO of Datasport AG, emphasises that neither passwords nor data from stored payment methods have been stolen.
How could this happen?
Datasport AG stated that it had commissioned a backup of all data at the end of January. However, the backup server was located in a different data centre.
Source: Florian Bodoky
During this backup, a "security-relevant vulnerability" apparently existed, as the company announced. This had been exploited - although it was closed within a few minutes.
What to do now
If you suspect that you are one of the victims, you can contact the company by email. Otherwise, Datasport advises you to be even more vigilant about phishing at the moment.
Header image: Engadin Ski Marathon
I've been tinkering with digital networks ever since I found out how to activate both telephone channels on the ISDN card for greater bandwidth. As for the analogue variety, I've been doing that since I learned to talk. Though Winterthur is my adoptive home city, my heart still bleeds red and blue.
Security
Follow topics and stay updated on your areas of interest
57 comments
later