In a major cybersecurity breach, personal information belonging to tens of thousands of UBS employees has been leaked following a cyberattack on the bank’s external service provider, Chain IQ. The incident has raised serious concerns about data security across financial institutions that rely on third-party vendors for critical operations.
The breach did not happen from inside UBS’ systems but from files stored by Chain IQ, a procurement- services firm. The stolen data has now reportedly made it’s way to the darknet, where it can be accessed by the public.
As per reports, the leaked information may include names, contact details and work-related information of employees, including senior figures. Swiss media reports say that more than 1.3 lakh records may have been compromised. Among them is said to be the direct contact number of Sergio Ermotti, CEO, UBS Group.
Meanwhile, UBS has reportedly taken urgent steps to secure its operations and prevent such issues from recurring. The bank has confirmed that its internal systems remain unaffected, and there is no indication that client data has been exposed.
Chain IQ, headquartered in Zurich, works with several financial institutions worldwide, making the fallout of the breach potentially far-reaching. Another Swiss bank, Pictet, has also been impacted by a similar attack. While Pictet’s systems continue to be safe and secure, attackers have reportedly accessed invoice data from external suppliers dating back several years.
Both banks are carrying out internal investigations and consulting with authorities to assess the extent of the breach and its repercussions. The incident will only lead to more close examination of third-party cybersecurity practices in the finance space.
