The prominent Swiss banks UBS and Pictet have now confirmed they suffered a significant data leak due to a cyberattack. This major security breach occurred at their shared subcontractor, a company named Chain IQ, which is based in Switzerland. Sensitive data concerning 130,000 UBS employees, including the bank’s CEO Sergio Ermotti, is reportedly available for sale on the dark web. More than 100,000 employees of UBS have been directly affected by this massive theft of very sensitive personal data from the company. The incident has cast a spotlight on the growing cybersecurity vulnerabilities that exist within the entire European financial services sector today.
A UBS spokesperson told the AWP news agency that absolutely no client data was at all affected by this security incident. “As soon as UBS became aware of the incident, it acted quickly to avoid any impact on its activities,” the spokesperson said. At Pictet, tens of thousands of invoices from a number of their suppliers in recent years have been stolen by the attackers. A spokesperson for Pictet also confirmed that the leaked data does not contain any information at all about their private clients. They stated that as soon as this incident became known, various precautionary measures were immediately taken to avoid any further impact.
The company at the center of this breach, Chain IQ, first communicated the data leak to its partners on June 13th.
The Baar, Switzerland-based company has several international subsidiaries that are located in New York, London, Singapore, and other cities. Its many high-profile clients include UBS, the Manor department stores, the construction giant Implenia, and also the consultancy firm KPMG. This highlights the potential for this security incident to be a very significant supply chain attack affecting multiple different global organizations.
The full list of affected Chain IQ clients has not yet been publicly disclosed by the company to the public.
This particular data breach underlines the growing menace that is posed by sophisticated cyberattacks that are operating across international borders. These attacks often target third-party firms that have access to valuable infrastructure or specific industry-related sensitive data. The leak of documents related to the UBS employees adds a significant reputational risk for the major Swiss banking institution. This attack is now likely to raise many questions among regulators and clients alike about how sensitive employee data is secured. Insurers across the European Continent are also expected to review their own risk exposure as a direct result of this incident.
Reference:
