UBS breach: Bank confirms company data stolen in attack on supplier

No client information compromised, it says

Image:

UBS breach: Bank confirms company data stolen in attack on supplier. Source JaierRT, Wikimedia Commons

Zurich-based banking giant UBS Group has confirmed that company information was stolen during a cyberattack on one of its external suppliers, though it assured that no client data was compromised.

The bank said the breach was part of a larger cyber incident affecting multiple companies, including former UBS affiliate Chain IQ and Swiss private bank Pictet.

"A cyber-attack at an external supplier has led to information about UBS and several other companies being stolen," UBS said in a statement.

"No client data has been affected. As soon as UBS became aware of the incident, it took swift and decisive action to avoid any impact on its operations."

The breach, reportedly the work of a hacker group known as World Leaks, formerly known as Hunters International, was first disclosed by Swiss newspaper Le Temps, which claimed that sensitive information on more than 130,000 UBS employees had been leaked on the darknet.

This reportedly includes home addresses, floor-level office details, and even the direct phone number of UBS CEO Sergio Ermotti.

The attack is believed to have targeted Chain IQ, a procurement services firm spun off from UBS in 2013.

Chain IQ confirmed it had been targeted, along with 19 other companies, but did not specify what data had been exposed.

Headquartered in Switzerland, Chain IQ operates offices in London, New York and Singapore, and handles procurement services for major institutions globally.

Swiss private bank Pictet was also among the victims of the cyberattack.

In its own statement, Pictet clarified that "the information obtained through the cyberattack on Chain IQ systems does not contain any client data of Pictet," adding that the leak was limited to invoice data involving certain suppliers from recent years.

Switzerland's financial markets regulator FINMA has repeatedly warned that overreliance on third-party providers constitutes a "key operational risk."

The regulator reported earlier this year that successful cyberattacks on Swiss financial institutions surged by nearly 50% in 2024 compared to the previous year.

"Not only are cyber attacks becoming more common, they are also becoming more coordinated and ever more complex," FINMA CEO Stefan Walter said in a speech last week.

The European Central Bank recently cautioned that many banks are still not doing enough to combat mounting cyber threats.

Last year, ABN Amro NV and Banco Santander experienced data breaches after their own third-party providers were compromised.

Commenting on the data breach, Raghu Nandakumara, head of industry solutions at Illumio, said: "The cyberattack on Chain IQ is another reminder why organisations cannot neglect supply chain risk.

“Under DORA, both critical third-party suppliers and the organisations that rely on them have clear obligations to manage ICT risk, ensure transparency and maintain operational resilience. This means maintaining full visibility into critical third parties, regularly assessing supplier risk, and ensuring that partners meet strict security and compliance standards.

"Third-party risk can no longer be treated as a box-ticking exercise; it needs to be actively managed, tested and challenged."