Cyber attack on Comparis: what customers need to know

On 7 July 2021, the Comparis Group was the victim of a ransomware attack. Find out here what happened and what steps you can take.

Email

I have received an e-mail from Comparis explaining the cyber attack of July 7, 2021. Is this message really from you or from scammers?

On 14 and 15 July, Comparis sent out an e-mail to Comparis users from one of the following addresses: privacy@email.comparis.ch, noreply@email.comparis.ch or noreply@email.optimatis.ch.

What happened?

On 7 July, the Comparis Group was the victim of an organized cyber attack of a highly criminal nature. Comparis immediately took all the steps necessary to protect all data. For example, it quickly shut down all its IT systems as soon as the attack became apparent. The systems were then restored in a secure environment.

The ransomware (in German only) attack crippled various IT systems across the Comparis Group. The comparis.ch website is now securely back up and running.

We reached an agreement with the blackmailers at the end of July. The agreement enabled us to decrypt a number of files that were essential to our operations, some of which we could not otherwise have recovered at all and some only with a great deal of time and effort.

Which data is affected?

Unfortunately, however, detailed analyses show that the perpetrators had access to internal customer-relevant data of the Comparis Group. 

The attack has affected customer-related data in Comparis accounts and data from Comparis sister companies. Customers who may have been affected will be informed directly. Passwords are stored as a hash.

What protective measures have been taken?

We are taking this matter very seriously. We immediately took all the steps necessary to protect all data. For example, we restored all systems from scratch in a secure environment. The Comparis Group also involved the law enforcement authorities and the Swiss Federal Data Protection Commissioner and is working closely with their cybercrime specialists. Charges have been filed against unknown persons.

Due to the nature of the attack, we can now assume that it was not targeted specifically at Comparis, but that the hackers were able to exploit a more general vulnerability. We have now identified the access point of the hackers. This was blocked by our security measures as soon as the attack was discovered and is permanently secured. To reduce the risk of future attacks, we will continue to expand and step up our security measures.

What steps can customers take?

Do you have an account with us? If so, we strongly advise you to change your password as soon as possible as a precaution.

Should your data be affected, we cannot rule out the possibility of it being used by third parties for commercial or fraudulent purposes. The canton of Zurich police department provides an overview here (in German only). We urge you to be extremely vigilant in general, but especially if you are contacted by an unknown party claiming to work for a bank or insurance company and who is in possession of particular information about you. Please report any such incidents to us so that we may pass the information on to the investigating authorities.

I cannot change my password. What should I do?

If you have never explicitly created a Comparis account, you have no password and therefore cannot change it. If you requested a password reset but received no e-mail (check also your spam folder), you can assume that you do not have an account with us. Important: it is possible that you have subscribed to our newsletter or set up a search alert without having an account. Note also that deleting your account may not necessarily automatically unsubscribe you from the newsletter or e-mails about searched properties.

I received a call from a call centre employee who informed me that I have been affected by the cyber attack and that they would like to advise me. Are they scammers? And what should I do?

Some individuals have taken it upon themselves to exploit the hacker attack. They are calling people at random. Do not under any circumstances agree to any offers they may make, but report the incident to the National Cyber Security Centre. At the moment, we are assuming that these calls are random and have nothing to do with any theft of data.

I was contacted by someone claiming to be an insurance broker. They knew exactly which health insurance company I was with and had data about me. Is this connected with the Comparis cyber attack?

Some individuals have taken it upon themselves to exploit the hacker attack. Some dishonest brokers keep old address lists from previous attempts to contact potential clients. These brokers are trying to exploit the current situation of uncertainty for their own ends. Their mobile phone numbers are often fake as well and cannot be traced. We advise you to ignore these calls and to block the number.

Why is my data still stored at Comparis?

In accordance with our data privacy statement, older e-mail addresses are regularly deactivated, anonymized or deleted from our core systems for marketing and customer data management (e.g. our customer relationship management (CRM) application). The attackers did not have access to these systems.

However, there are also some data directories on which certain technical data and other information is stored for a longer period (e.g. logs), which may also contain the e-mail addresses of some users. These are not used for marketing purposes, and marketing and customer service staff cannot access them any more. Our detailed analyses revealed that the attackers may have been able to gain access to these drives. At the moment, we cannot gauge whether any – nor which – of this data was stolen.

To be on the safe side and in the interests of transparency, we decided to inform as many people as possible, even though most users are probably not affected. Give this highly exceptional situation, we also reactivated old and otherwise inactive e-mail addresses that were no longer used and loaded them into a separate part of our marketing system. This allowed us to send out the e-mail to warn people. Of course, this data was deleted as soon as all the e-mails had been sent. We were in fact already working on making the data deletion process more restrictive, but since our systems have grown over the years, it was taking time to make the necessary adjustments. In this case, it actually came in handy that we were still able to reactivate the old e-mail addresses for the current emergency even though they were out of use (this would not have been possible if we had completed these adjustments). We came to the conclusion that it was more important to warn users than to to deal with any questions regarding the use of these old e-mail addresses.

How can I contact you?

Comparis:

Telephone: +41 44 360 52 62 (Mon-Fri, 8 a.m. - 12. p.m. / 1 p.m. - 5 p.m.)

E-mail: info@comparis.ch

Since our telephone availability is currently still limited, Comparis has temporarily provided the following mobile numbers for you to use:

+41 77 954 66 31

+41 78 641 50 77 (Mon-Fri, 8 a.m. - 12. p.m. / 1 p.m. - 5 p.m. for both numbers)

Credaris:

Telephone: +41 44 556 60 00 (Mon-Fri, 9 a.m. - 6 p.m.)

E-mail: info@credaris.ch

Optimatis:

Telephone (Mon-Fri, 8 a.m. - 12. p.m. / 1.30 p.m. - 5.30 p.m.):

+41 78 204 27 86 (DE/EN)

+41 78 209 33 24 (DE)

+41 78 202 89 96 (DE/EN)

+41 78 204 11 29 (DE/FR)

E-mail: info@optimatis.ch

HypoPlus:

Telephone: + 41 44 500 71 61 (Mon-Fri, 8 a.m. - 6 p.m.)

E-mail: info@hypoplus.ch

Welcome! You are now logged in.
Go to user account