A ransomware attack on Xplain, a Swiss software developer contracted by the country's federal government, was discovered almost immediately in late May 2023. A new report from the country's National Cyber Security Centre (NCSC) has shed additional, disconcerting light on the extent of the incident. The report revealed that 1.3 million files were released by the threat actor, Play, with 65,000 files considered 'relevant' to the Swiss government, including employee data and passwords vulnerable to identity theft, technical specifications, and unspecified 'classified information'. Xplain updated its statement on the attack, claiming to have filed a criminal complaint and rebuilt its IT infrastructure. Despite this, the company maintains that it has not been significantly harmed financially by the event. The incident raises concerns about potential future impact on the Swiss government's cybersecurity.