Xplain has become a target of a ransomware attack, with cybercriminals publishing data on the Darknet in the first half of June 2023. It is still unclear how the attack on Xplain happened. Hackers like "Play" group usually leave no traces and work with unknown vulnerabilities. It is therefore difficult for the investigating authorities to determine exactly what happened.

Xplain filed a criminal complaint after the incident, provided the authorities with all the necessary information and cooperated with them in investigating and limiting the damage. We rebuilt the entire IT infrastructure in accordance with the recommendations of the National Cyber Security Center (NCSC) and replaced the external operators. An external audit of the infrastructure and processes was completed in November. The NCSC subsequently wrote an assessment of the audit. The Federal Council's strategy crisis team on data leaks (PSC-D) took note of the report.

Together with the successfully completed examination of the source code by internal and external experts, the installations of the releases could be resumed towards the end of the year. This also applies to customers outside the Federal Administration, who had made the installation of releases dependent on the audit and were able to view a summary of the report.

Stable financial situation

Xplain ends the 2023 financial year with a balanced account despite the cybercrime incident. Among other things, the diversified, long-term business model and the benefits from indemnity insurance contributed to this. The company has secure liquidity and is looking to the future with confidence. No employees have left the company since last May. 

Most customers continued working on the projects, but they had to wait for approval to install releases. The corresponding delays in payments temporarily led to a tense liquidity situation, which the shareholders were able to bridge with the support of the banks. Xplain provided customers and the relevant authorities with standardized financial reporting so that they could form their own opinion. Based on these reviews, work was finally resumed.

Last update: 8 February 2024

On March 7, 2024, the National Cyber Security Center (NCSC) published a report on the analysis of the data published by the perpetrators on the darknet. It confirms the assumption that the hacker group did not systematically exfiltrate data and did not retain any data. A new finding is the selective non-publication of certain files in Russian which might be an attempt to conceal a Russian connection. Xplain had analyzed the data itself in parallel to the investigations by the authorities and coordinated the findings with the federal investigation.

Last update: 7 March 2024