Cyberattack Exposes Employee Data, Not Client Info
Swiss banking giants UBS and Pictet disclosed a data breach on Wednesday stemming from a cyberattack on external service provider Chain IQ. Both banks emphasized that no client information was compromised. However, Swiss outlet Le Temps reported that files containing personal details of tens of thousands of UBS employees were stolen, including an internal phone number for CEO Sergio Ermotti.
Details of the Cyberattack
Chain IQ, based in Baar, confirmed the incident impacted it and 19 other companies. It said the stolen data was posted to the darknet on June 12. Chain IQ has not disclosed whether a ransom was demanded, citing security concerns. The firm said countermeasures were taken promptly and the situation has since been contained.
UBS stated it moved quickly to prevent operational disruptions upon learning of the breach. Meanwhile, Pictet clarified that its compromised data involved only invoice details related to suppliers and consultants, with no exposure of client data.
Broader Industry Reaction
Swiss regulator Finma acknowledged the incident and is monitoring it under standard protocols. Chain IQ’s client list includes major names like KPMG and Mizuho. KPMG said its infrastructure remained unaffected but implemented additional protective measures following the leak.
Long-Term Implications for Swiss Banking
Cybersecurity experts warned of broader risks. Ilia Kolochenko, CEO of Swiss-based ImmuniWeb, said the breach underscores the systemic vulnerability of major institutions to third-party vendors. He cautioned that such incidents could erode long-term trust in the Swiss banking sector if not properly addressed.
