UBS Group AG said that information about the company had been stolen in a cyber attack on one of its suppliers, following a report a Swiss newspaper that data on more than 130,000 employees had been subject to a hack.
“A cyber-attack at an external supplier has led to information about UBS and several other companies being stolen,” the Zurich-based bank said in a statement on Wednesday. “No client data has been affected. As soon as UBS became aware of the incident, it took swift and decisive action to avoid any impact on its operations.”
Earlier, Le Temps newspaper reported that the employee data had been published on the darknet following a ransomware attack on procurement service provider Chain IQ, which was spun off from UBS in 2013. A group of hackers called World Leaks, previously known as Hunters International, is said to be behind the attack, according to Le Temps.
UBS did not confirm the nature of the information lost in the attack.
Switzerland’s financial regulator said earlier this year that reports of successful cyber attacks on Swiss financial institutions jumped by almost 50% in 2024 over the previous year, and warned that outsourcing critical activities to third parties represented a “key operational risk.”
Elsewhere in Europe, the European Central Bank has also warned that some banks aren’t doing enough to tackle cyber risks. ABN Amro NV and Banco Santander both suffered data breaches following hacks at external suppliers last year.
“Not only are cyber attacks becoming more common, they are also becoming more coordinated and ever more complex, Finma chief executive officer Stefan Walter said in a speech last week.
Chain IQ confirmed Wednesday that it and 19 other companies had been the subject of an attack, without specifying which data had been affected. Chain IQ took over procurement services from UBS in multiple countries over a decade ago, and is based in Switzerland with branches in London, New York and Singapore.
Chief Executive Officer Sergio Ermotti’s direct phone number was also among the leaked information, the Le Temps said. The data was reported to also include employee addresses and details such as the floor on which they work.
Swiss private bank Pictet was also targeted, but the bank said the leaked datais limited to invoice information with some suppliers from recent years.
“The information obtained through the cyberattack on ChainIQ systems does not contain any client data of Pictet,” the bank said.
Photograph: The UBS Group AG headquarters in Zurich. Photo credit: Pascal Mora/Bloomberg
Copyright 2025 Bloomberg.
Topics
Cyber
Fraud
Interested in Cyber?
Get automatic alerts for this topic.
Source link