Two of Switzerland’s top financial institutions, UBS and Pictet, have disclosed that a cybersecurity breach at a third-party vendor resulted in a data leak — though no client data was compromised, they assured the public.
The breach originated at Chain IQ, a business services provider located in Baar, Switzerland. According to a report by Swiss newspaper Le Temps, attackers managed to obtain files containing information on tens of thousands of UBS employees.
Among the exposed data was reportedly the internal direct line to UBS CEO Sergio Ermotti. “A cyber attack at an external supplier has led to information about UBS and several other companies being stolen.
No client data has been affected,” UBS confirmed. The bank added, “As soon as UBS became aware of the incident, it took swift and decisive action to avoid any impact on its operations.”
Related: Cybersecurity News
Wider Fallout from the Cyber Incident
Chain IQ stated that a total of 20 organizations, including itself, were targeted in the cyberattack. The compromised data has since been released on the darknet, a concealed section of the internet typically used for illicit activity.
While the company noted that it had taken prompt measures to control the fallout, it declined to discuss ransom requests or negotiations, citing security and legal concerns.
The Swiss financial markets supervisor, Finma, acknowledged the breach and confirmed it was handling the case according to protocol. Chain IQ’s website lists several notable clients, including KPMG and Mizuho.
In response to the leak, KPMG said its own systems were not impacted, but it has nonetheless implemented enhanced security precautions.
Pictet clarified that no customer-related data was exposed in the breach. The stolen information was limited to billing details linked to a few external service providers, including tech vendors and consulting firms.
The bank emphasized its commitment to security, stating it has strict measures in place to prevent unauthorized access.
Ilia Kolochenko, CEO of Swiss cybersecurity company ImmuniWeb, highlighted the broader implications: third-party vulnerabilities can create serious risks for even the most robust financial institutions.
He noted this event could have lasting repercussions for trust in Swiss banking systems.
- Washington Post Probes Cyberattack Targeting Journalists’ Email Accounts
- Leading Chinese Crypto Hardware Firms Launch U.S. Production to Dodge Tariffs
- Meta Offered $100 Million Bonuses to OpenAI Employees