GENEVA (AP) — Four of Swisscom’s internal data files that included employee emails and other information were leaked to a top newspaper in what appears to be a criminal act, the telecommunications company said Wednesday.
Zurich daily Neue Zuercher Zeitung reported that it received the leaked electronic files a few months ago, but said it wasn’t clear exactly how they were obtained or where they originated. The newspaper said they took the files, which were difficult to read, to experts to see what they contained.
The files included 600,000 phone numbers and agreements between Swisscom and some of its individual and business clients, the newspaper known as NZZ reported. The newspaper ran a picture of one of the allegedly stolen backup “tapes,” which is said were recorded between October 2008 and May 2010, but included emails from 2002 to 2008.
Swisscom, the nation’s leading telecom company, said it recovered three of the four files from the newspaper on Tuesday, and that the fourth one “has been returned by NZZ to its source.”
The company said it is pursuing criminal charges and doing everything it can to get the fourth file back. A spokesman for the Swiss prosecutor’s office confirmed to The Associated Press that it has opened a criminal investigation.
Swisscom said the files contained internal data, but that it wasn’t yet clear whether they also contained customer data and it was still analyzing the three returned files.
“It cannot be ruled out at the present time that customer information is stored on the tapes,” it said.
A publicly traded company in which the government has the majority stake, Swisscom said it also has launched internal probes and notified the Swiss Federal Data Protection Commissioner. Data protection laws in Switzerland are particularly strict.
“Swisscom is doing its utmost to clarify the incident as fast as possible. It is currently assumed that it was motivated by criminal intent,” the company said.
The company said the type of “data carriers” that were apparently stolen have not been used by Swisscom since last year.
“Swisscom has extremely stringent regulations governing the secure and sustainable disposal of such data carriers,” it said. “Data carriers are transported in a convoy with two escort vehicles before they are destroyed (shredded). External partner companies are also involved in this process.”
The company says it now mostly stores its data on hard disks, which are demagnetized — and the data deleted — before they are disposed of.