UBS Confirms Data Leak Following Cyberattack on External Provider Chain IQ
UBS, Switzerland’s largest bank, has disclosed a data leak resulting from a cyberattack on one of its external service providers, business support firm Chain IQ. The bank emphasised that no client data was compromised in the breach.
“A cyberattack at an external supplier has led to information about UBS and several other companies being stolen. No client data has been affected,” UBS said in an official statement on Wednesday.
The attack, which targeted Chain IQ, exposed internal employee data but did not impact UBS’s operations or customer-facing systems.
Details of the UBS Cybersecurity Incident
According to Swiss newspaper Le Temps, files containing sensitive data on tens of thousands of UBS employees were stolen. The stolen data has reportedly been published on the darknet.
Upon discovering the breach, UBS said it acted quickly to mitigate risks:
- Immediate containment and response measures
- No breach of client information or financial systems
- Ongoing monitoring and coordination with the affected vendor
Chain IQ and Other Firms Affected in the Cyberattack
Chain IQ, the Zurich-based global procurement services firm, confirmed that it and 19 other companies had been targeted in the cyberattack. In a statement, Chain IQ said:
“Steps and countermeasures were promptly taken, and the situation is contained.”
The company declined to comment on ransom demands or any negotiations with the attackers, citing ongoing investigations and security reasons. The same attack also reportedly impacted Swiss private bank Pictet, though the institution has not yet responded to requests for comment.
What This Means for Cybersecurity in Financial Services
The UBS data leak underscores the growing threat of supply chain cyberattacks, where vulnerabilities in third-party service providers can expose critical enterprise data. While no UBS customer data was compromised, the incident highlights the importance of:
- Strengthening vendor risk management
- Implementing zero-trust cybersecurity frameworks
- Ensuring incident response readiness
The financial industry continues to be a top target for cybercriminals, especially as institutions increasingly rely on external vendors and cloud-based services.
Key Takeaways:
- UBS confirms employee data leak after cyberattack on Chain IQ
- No UBS client data compromised, and operations remain unaffected
- Data from at least 20 companies reportedly leaked on the darknet
- Chain IQ took containment steps and refused to disclose ransom-related details
- Swiss private bank Pictet also reportedly impacted
