Computer code
Names, addresses and dates and births were leaked by a third-party company Markus Spiske/Unsplash

A Swiss mobile phone operator has admitted its data systems were breached late last year and the contact details of about 800,000 customers were compromised.

Swisscom said on Wednesday (7 February) that the names, addresses, telephone numbers and dates of birth of customers were accessed by an unknown party, which got the data through a sales partner of Swisscom. The company was not named.

Passwords, conversations and payment data were not affected and Swisscom had not received any reports of customers suffering as a result.

It said it discovered the incident through a routine check of its activities and was carrying out an in-depth investigation. The 800,000 customers represent almost 10% of Switzerland's overall population.

"Swisscom stresses that the system was not hacked and no sensitive data, such as passwords, conversation or payment data, was affected," a breach notification issue read. "Long-established security mechanisms are already in place in this case.

"Although the misappropriated personal data is classified as non-sensitive under data protection legislation, investigating the incident is a top priority for Swisscom," the notice continued. "The relevant partner company access was blocked immediately."

A number of changes have been made to "better protect access to such non-sensitive personal data by third-party companies," the company added.

Swisscom logo Reuters

The firm said changes included the introduction of two-factor authentication on sales partners' accounts and cutting back the ability to run high-volume queries.

It said any unusual activity on third-party accounts would now trigger an alarm and block access.

"So far, Swisscom has not identified any rise in advertising calls or other activities against affected customers. There is no evidence of any harm to customers."