Cyber Attack on Chain IQ Triggers Data Breach at Major Swiss Banks
Swiss banking giants UBS and Pictet Data have confirmed a data breach following a cyber attack on their external service provider, Chain IQ. While both financial institutions assured that client data remains unaffected, the breach has raised serious concerns over third-party vulnerabilities. UBS clarified that it promptly acted to mitigate operational impacts once the breach was discovered. According to Swiss newspaper Le Temps, the stolen data includes internal documents, such as direct contact information for UBS CEO Sergio Ermotti, and detailed records of tens of thousands of UBS employees.
The attack targeted Baar-based Chain IQ, a business service company whose clientele includes major firms like KPMG and Mizuho. Chain IQ confirmed that it was one of 20 companies impacted, with stolen data being leaked on the darknet. The company stated that it swiftly implemented countermeasures and has since contained the situation. Due to ongoing investigations, Chain IQ declined to comment on whether ransom demands were made or if there was direct communication with the attackers.
Wider Implications and Official Responses
The incident has drawn attention from Switzerland’s financial watchdog, Finma, which is currently handling the matter according to standard procedures. Though Chain IQ is at the center of the breach, affected organizations are taking independent steps to safeguard their data. KPMG, for instance, confirmed that its infrastructure remains uncompromised but said it had added further security measures in response to the leak.
Pictet Data , meanwhile, emphasized that no client data was exposed. The private bank stated that the breach involved only invoice-related data from third-party vendors like tech service providers and consultants. “ Pictet Data takes data security very seriously,” the bank noted, underscoring that it has protective protocols and supplier agreements in place to prevent unauthorized access.
Expert Concerns Over Third-Party Cybersecurity Risks
Cybersecurity experts say this incident is a strong reminder of the risks associated with third-party service providers, even for large and well-defended financial institutions. Ilia Kolochenko, CEO of Swiss-based cybersecurity firm ImmuniWeb, warned that such incidents could have lasting repercussions for the Swiss banking sector’s reputation. “Third-party attacks can compromise even the most secure institutions,” he noted, stressing the need for tighter oversight and risk management when working with external partners.
As investigations continue, the focus shifts to the preventive measures these institutions will adopt moving forward. The breach underscores the growing importance of cybersecurity not just within banks but throughout their entire supply chains. Swiss banks, known globally for their discretion and data security, may now need to reassess how they manage digital threats from external vendors in an increasingly interconnected digital world.
