UBS and Pictet report data leak after cyber attack on provider, client data unaffected


FILE PHOTO: A logo of Swiss bank UBS is seen in Zurich, Switzerland, May 1, 2025. REUTERS/Denis Balibouse/File Photo

ZURICH (Reuters) -Swiss banks UBS and Pictet said on Wednesday they had suffered a data leak due to a cyber attack on a provider in Switzerland that did not compromise client information, although a report said thousands of UBS workers' data was affected.

Swiss newspaper Le Temps said that files containing details of tens of thousands of UBS employees were stolen from the Baar-based business service company Chain IQ, whose website lists KPMG and Mizuho among its clients.

"A cyber attack at an external supplier has led to information about UBS and several other companies being stolen. No client data has been affected," UBS said.

"As soon as UBS became aware of the incident, it took swift and decisive action to avoid any impact on its operations."

The leaked cache also included the number of a direct internal line to UBS CEO Sergio Ermotti, Le Temps reported.

Chain IQ said it and 19 other companies were targeted in the attack, resulting in leaked data being published online on the darknet - a part of the internet not accessible through standard search engines.

Steps and countermeasures were promptly taken and the situation was contained, it said in a statement.

Swiss financial market regulator Finma said it was aware of the incident and was handling it in line with established procedures.

In a statement, KPMG said its infrastructure has not been affected by the cyber attack, but that it had put added safeguards in place after news of the leak.

Chain IQ, which said the data was published on the afternoon of June 12, said that it could not provide any information on potential ransom demands or interactions with the attackers for security and investigative reasons.

Private bank Pictet said the information stolen did not contain its client data and was limited to invoice information with some of the bank's suppliers, such as technology providers and external consultants.

Pictet said it took data breaches seriously and had protocols and agreements in place to stop unauthorised access.

The attack was a reminder that third parties can leave even the biggest institutions exposed and that could have a potential long-term impact on Swiss banking, said Ilia Kolochenko, CEO of a Swiss-based security firm ImmuniWeb.

(Reporting by Oliver HirtWriting by Dave GrahamEditing by Tomasz Janowski, Bernadette Baum and Elaine Hardcastle)

Follow us on our official WhatsApp channel for breaking news alerts and key updates!

Next In Tech News

Opinion: Will Big Tech transform school into an AI video game?
DeepSeek bans being issued in growing number of countries
Google to pay $2.4 billion in deal to license tech of Windsurf, WSJ reports
Opinion: ChatGPT’s mental health costs are adding up
Elon Musk says his new AI model 'better than PhD level in everything'
Google hires Windsurf CEO and researchers to advance AI ambitions
Apple bids for Formula 1 US streaming rights, Business Insider reports
Musk's xAI seeks up to $200 billion valuation in next funding round, FT reports
Paris prosecutors ask police to join investigation of Musk's X
UN report urges stronger measures to detect AI-driven deepfakes

Others Also Read