Leading Swiss price comparison platform Comparis has notified customers of a data breach following a ransomware attack that hit and took down its entire network last week.
Comparis is one of the most popular Swiss websites with more than 80 million visits every year and the largest Swiss online marketplace for property and cars.
The online independent comparison service allows Swiss nationals to compare prices and products for a wide range of health insurers, insurance companies, banks, and telecom providers, among others.
Ransomware attack leads to company-wide shutdown
“On 7 July, the Comparis Group was the victim of an organized cyber attack of a highly criminal nature. Comparis immediately took all the steps necessary to protect all data,” the company explains in an official statement.
“For example, it quickly shut down all its IT systems as soon as the attack became apparent. The systems were then restored in a secure environment.”
The Comparis Group informed the Swiss law enforcement authorities and the Swiss Federal Data Protection Commissioner of the attack and works with their cybercrime experts to investigate the incident.
As the online platform discovered during the investigation, the ransomware operators behind the attack could gain access to and likely steal customer data stored on Comparis Group’s systems.
The company says that the attackers have accessed account data belonging to Comparis and Comparis sister companies’ customers, including passwords “stored as a hash.”
Users with a Comparis account are advised to change their passwords as soon as possible to block potential attempts to take over their online accounts using stolen credentials.
Customers report receiving scam calls
Following the attack, some Comparis users have reported receiving calls from individuals posing as legitimate call center employees and offering advice on how to deal with the data breach aftermath.
Other users said they were contacted by people claiming to be insurance brokers who had info on the recipients’ health insurance company and other data.
Comparis says these calls and contact attempts are either from scammers trying to take advantage of the cyberattack and calling potentially impacted people randomly or using older address lists, with no direct relation to the data theft reported following the ransomware attack.
“Should your data be affected, we cannot rule out the possibility of it being used by third parties for commercial or fraudulent purposes,” the company added.
“We urge you to be extremely vigilant in general, but especially if you are contacted by an unknown party claiming to work for a bank or insurance company and who is in possession of particular information about you.
“Please report any such incidents to us so that we may pass the information on to the investigating authorities.”