Massive leak as 1.3 TB of Swiss federal files stolen via third party ransomware attack

A massive data leak just hit Switzerland

A ransomware attack has led to one of Switzerland’s biggest data leaks in years. Hackers stole 1.3 terabytes of files linked to government agencies without ever touching federal systems directly.

The attack targeted a nonprofit called Radix, which works on health promotion projects with the Swiss government. Now, authorities are scrambling to find out what exactly was exposed and how far the damage goes.

Hackers went through a third-party nonprofit

Instead of hitting a government server, the attackers struck Radix, an external organization that manages public health projects. That backdoor gave them access to sensitive documents tied to federal programs.

Cyber experts call this a supply chain attack, and it’s the kind of thing that’s becoming more common. One weak partner can put an entire system at risk, even if that partner doesn’t have direct system access.

Leaked files already posted online?

The ransomware group didn’t just steal the files; they published them online. Security researchers discovered 1.3 terabytes of data posted to a dark web leak site.

That includes internal documents, contracts, scanned records, and communications. The Swiss government is now reviewing the contents to determine which materials are sensitive, which are already public, and what immediate actions are required.

Sarcoma group behind the ransomware attack?

A rising ransomware gang called Sarcoma is believed to be responsible for the attack. The group has been active since late 2024 and is known for high-impact data leaks.

Sarcoma encrypts stolen data, demands ransom, and often publishes files when targets don’t pay. This incident follows that same pattern, and Radix confirmed the breach after the data was leaked.

Systems were secured but data still leaked?

Radix has confirmed the breach but says it took all the right steps to secure its systems. The nonprofit shut down affected servers, revoked access rights, and reported the attack immediately.

It also said that data backups were not affected, and that it has been working closely with authorities. But critics are asking how so much sensitive information ended up vulnerable in the first place.

Government files leaked in Radix breach

Even though Radix isn’t part of the government, the breach still reached federal data. The National Cyber Security Centre confirmed that several government offices were affected.

Officials say Radix had access to documents through collaboration, not through system access, so no direct breach of federal servers occurred. But the leaked material still includes files linked to state projects and services.

Investigators reviewing 1.3 terabytes of files

Authorities are now going through the massive pile of leaked data to understand what was exposed. That process could take weeks.

Documents may include financial records, scanned correspondence, internal memos, and possibly sensitive health project data. Agencies are trying to identify what’s harmless and what poses a risk to operations or privacy.

Trusted partner becomes a threat source

This incident shows how even trusted partners can open the door to major problems. Radix was never supposed to be a threat vector, but it became one.

Cyber experts say many organizations still underestimate the risk that third-party vendors bring. A weak link outside the core system can still cause serious damage, as this breach proves.

New ransomware group on the rise

Sarcoma isn’t as famous as some other ransomware gangs, but it’s growing fast. First spotted in October 2024, the group has now pulled off one of the largest data leaks in Switzerland.

Researchers say Sarcoma’s style is aggressive. It targets smaller organizations connected to bigger ones, then uses their access to expose larger networks. That strategy is proving hard to defend against.

Public questions how this happened?

People across Switzerland are asking how so much data got exposed through a nonprofit. Was the partnership too relaxed? Did Radix have more access than it should have?

Government agencies say safeguards were in place, but many believe this breach should never have happened. The conversation is now shifting to accountability and how future risks can be reduced.

Switzerland on alert after data leak

The Swiss government says there’s no indication that its own servers were hacked. That’s the good news. The breach didn’t happen from inside; it came through outside collaboration.

Still, the impact is real. Federal offices now have to treat this like an internal leak, because their data is out there. Security teams are on high alert in case more attacks follow.

Privacy laws kick in after file leak

Since the leak may include personal or medical data, Switzerland’s privacy regulators are now involved. Agencies are reviewing whether individuals need to be notified under data protection laws.

If any personal information was shared with Radix and ended up in the stolen files, government departments could be required to inform affected people. That process has already started in some cases.

Leaked files may include patients records

Because Radix works on health-related initiatives, some of the leaked documents might involve project details, research, or patient-related files. The full contents aren’t public yet, but agencies are checking closely.

This raises questions about how securely public health collaborations are managed. Sensitive work may need to shift to more tightly controlled environments moving forward.

Lawmakers demand stronger vendor rules

Swiss lawmakers are now pushing for tighter oversight of third-party partners. That could include measures such as required audits, stricter access controls, and new standards for data‑sharing agreements.

They also want more transparency around which organizations work with federal data. For many, this incident shows that partnerships without strict checks can put national systems at risk.

Investigation still ongoing across agencies

The review is far from over. With 1.3 terabytes of data leaked, federal offices are working closely with Radix and security experts to figure out what was stolen, who’s affected, and what steps to take next.

This isn’t just a Swiss problem either. Ransomware is hitting harder and spreading faster around the world. See how Ghost ransomware is now targeting companies in more than 70 countries and what that means for global cybersecurity.

Curious how other ransomware groups are spreading globally? Check out how Ghost Ransomware struck firms in 70+ countries.

Trusted links can become weak spots

This breach wasn’t caused by a failure inside Swiss government systems. It started when the Sarcoma ransomware group hit Radix, a trusted external vendor. That one connection led to the leak of 1.3 terabytes of sensitive files tied to federal offices.

The government’s own servers weren’t hacked, but the fallout is just as serious. It’s a clear reminder that even secure systems are vulnerable to third-party partners.

As investigations continue, this raises a bigger question for national security planning, that is, should governments start limiting tech collaborations when sensitive data is involved?

This is a must-read for all because people do not realize how important encryption is and how it shapes our everyday security.

What do you think about this? Let us know in the comments, and don’t forget to leave a like.

Read More From This Brand:

• Hidden Spy Apps Leak Data of Millions
• Thousands of Users Hit by Payment Leak
• WhatsApp Under Siege by Russian Hackers

Don’t forget to follow us for more exclusive content right here on MSN.

If you liked this story, you’ll LOVE our FREE emails. Join today and be the first to get stories like this one.

This slideshow was made with AI assistance and human editing.