Switzerland-based multinational investment bank UBS Group AG has confirmed that employee data was stolen and published online following a successful ransomware-style attack on one of its third-party suppliers.
The news of the breach was first reported Tuesday by Swiss media outlet Le Temps, which said that data relating to about 130,000 UBS employees had been available online for several days. The stolen information included names, email addresses, phone numbers, positions in the company, the language spoken by employees and the office and location at which the employees work.
“No client data has been affected,” the bank said in a statement reported today by Bloomberg. “As soon as UBS became aware of the incident, it took swift and decisive action to avoid any impact on its operations.”
The external supplier was a contractor called Chain IQ Group AG, which was spun off from UBS in 2013. The company offers procurement services, including solutions in human resources, information technology systems, waste management, purchasing and security services.
According to Le Temps, the hacking group called World Leaks, a group formerly known as Hunters International, was behind the attack.
The group is a streamlined ransomware operation that, instead of using a double-extortion method. That’s where files are locked down with encryption and stolen, World Leaks has instead done away with the encryption side that was typical of ransomware operators and now just steals data and threatens to release it if a ransom payment is not made.
Chain IQ has also confirmed the attack but did not disclose exactly what data was stolen or which clients were affected. That matters, given that Chain IQ’s client list reportedly includes Swiss Life Holding AG, AXA S.A., FedEx Corp., IBM Corp., Swisscom AG, KPMG International Ltd. and Pictet Group SA, among others. Of the company’s clients, only Pictet has confirmed so far that it has also been affected.
While all the details of the breach are yet to be disclosed, that UBS data was stolen raises broader concerns than just another targeted company. Dr. Ilia Kolochenko, chief executive officer of application security company ImmuniWeb SA and adjunct professor of cybersecurity at Capitol Technology University in Maryland, telling SiliconANGLE via email that “based on the publicly available data, this data breach may have a disastrous and long-lasting impact on the Swiss banking industry – given that UBS is the largest financial institution of the country.”
Kolochenko added that the information of bank employees can be exploited in sophisticated scams, fraud and phishing attacks impersonating bank employees and stealing sensitive data or even funds of its clients. “The wide availability of generative AI tools, capable of impeccably impersonating voices and even videos, may certainly amplify the consequences of the data breach,” he said. “Worse, some of the stolen data may be exploited to blackmail bank employees or even facilitate money laundering via sophisticated social engineering operations.”
“The Chain IQ breach underscores the persistent and growing risk of third-party exposure in today’s interconnected enterprise ecosystem,” added Ensar Seker, chief information security officer at extended threat intelligence SOCRadar Cyber Intelligence Inc. “When suppliers hold sensitive operational or financial data, even in the absence of client personally identifiable information, they become a highly attractive target for threat actors seeking leverage, intelligence, or access pathways into high-value organizations.”
Source – https://siliconangle.com/2025/06/18/ubs-confirms-employee-data-leak-ransomware-attack-supplier/