Swiss banking giant UBS has confirmed it was impacted by a cybersecurity breach stemming from an attack on Chain IQ, a Switzerland-based external service provider.
While client data remains unaffected, news reports indicate the stolen files include sensitive internal information, such as records on tens of thousands of UBS employees and potentially a direct line to CEO Sergio Ermotti.
The incident, first reported by Swiss newspaper Le Temps, highlights growing vulnerabilities in the financial sector’s third-party ecosystems. Chain IQ, which also lists KPMG and Mizuho among its clients, was one of 20 companies targeted in the breach. According to Chain IQ, the attackers published the data on the darknet on June 12.
UBS stated it took “swift and decisive action” upon discovering the breach to ensure continuity of operations and limit exposure. “A cyber attack at an external supplier has led to information about UBS and several other companies being stolen,” the bank confirmed, stressing that no client information was compromised.
While Chain IQ has not disclosed whether a ransom was demanded, it acknowledged ongoing investigations and said appropriate countermeasures were taken. The scope of the breach has raised concerns across the financial industry, particularly as banks rely heavily on external service providers for procurement and operational support.
Private bank Pictet, also affected in the same incident, said the compromised data involved only supplier invoice information, not customer records. The bank reiterated that it has stringent data protection protocols in place to prevent unauthorized access.
This breach underscores the critical cybersecurity risks associated with outsourcing and reinforces the need for robust vendor risk management frameworks — especially for institutions handling sensitive financial and personal data.
InfotechLead.com News Desk
