UBS has confirmed a data leak after a cyber attack hit one of its external service providers. The Swiss banking giant said no client data was affected in the incident, which stemmed from a breach at Chain IQ, a business services company.
According to Swiss newspaper Le Temps, files containing information about tens of thousands of UBS employees were stolen. The data was reportedly leaked on the darknet.
UBS stated:
“A cyber-attack at an external supplier has led to information about UBS and several other companies being stolen. No client data has been affected.”
UBS responded quickly once the breach came to light.
“As soon as UBS became aware of the incident, it took swift and decisive action to avoid any impact on its operations,” the bank added.
What Happened?
The attack did not directly target UBS. Instead, it exploited vulnerabilities in Chain IQ, a third-party provider. The company supplies procurement services for UBS and other firms.
Chain IQ said that 20 companies were hit in total. It acknowledged that the stolen data was published on the darknet.
While Chain IQ admitted the breach, it refused to comment on ransom demands or any communication with the attackers.
“We cannot provide information on potential ransom demands or interactions with the attackers for security and investigative reasons,” the company said.
Other Victims and Fallout
The report by Le Temps also named Swiss private bank Pictet as another affected company. Pictet has not yet responded to media requests.
This breach comes as financial firms globally face rising threats from cyber criminals. External vendors, often the weakest link in the chain, are increasingly targeted.
Cybersecurity experts warn that even with tight internal systems, third-party vulnerabilities can expose sensitive data. UBS appears to have contained the situation well, but the incident still serves as a stark reminder of the risks in the digital age.
Why It Matters
The incident underscores a growing problem: even top banks like UBS can be hit through external partners. It’s not just about how secure your own systems are—it’s also about who you trust with access.
UBS’s reputation for quick, professional action helped avoid a bigger crisis. Still, the breach raises concerns about how employee data is protected and the role of vendors in modern banking operations.
