A significant cybersecurity breach has rattled UBS, as sensitive data concerning 130,000 of its employees has surfaced on the darknet following a hacker attack on its procurement service provider. But UBS isn’t the only one feeling the heat from this incident.
The breach traces back to Chain IQ, a procurement service provider and former UBS spinoff, which has also served other prominent clients such as Pictet, Manor, and Implenia. The troubling news was first reported by the Swiss daily Le Temps, shedding light on a severe data theft that occurred in June.
Among the leaked information are names, email addresses, landline numbers, and, in some instances, mobile numbers—one of which belongs to UBS CEO Sergio Ermotti. Other details include job levels, languages spoken, and office locations within the bank.
Chain IQ, headquartered in Baar with additional offices in Geneva and Zurich, has established itself firmly in the procurement sector, delivering services that cover human resources, IT systems, waste management, and more.
The data leak is not just a concern for UBS. Chain IQ’s client list is also up for grabs on the darknet; a troubling revelation. The firm has previously engaged with over 400 partners, and now exposed are the details of contracts, service types, and the internal contacts for each partner. Noteworthy clients include Pictet, insurance giants like Swiss Life and Axa, and global entities such as FedEx and IBM.
UBS’s relationship with Chain IQ includes support in managing supply chain due diligence and company credit card administration. The leaked dataset spans 137,192 rows, each representing an employee.
Concerns escalate as reports confirm that the leaked file has been sold multiple times on the darknet. Such information poses a risk of being exploited for criminal activities, including identity theft and fraud.
In response, Chain IQ is treating this situation with the utmost seriousness. The company has activated its security protocols, assembled a dedicated team of internal and external experts, and contacted the Zug cantonal police. They also aim for transparency, having informed all stakeholders promptly.
A UBS spokesperson confirmed their awareness of the cyberattack on Chain IQ, assuring that they are monitoring the developments closely.
In an additional twist, the leaked data allegedly includes information from Pictet, detailing “tens of thousands of invoices.” While the invoices themselves are not part of the leak, the records describe various expenditures by companies and employees, including groceries, dining, travel, and security services.
A representative from Pictet stated that the compromised data does not include sensitive employee information or customer data, but mostly concerns invoice details from select suppliers. Precautionary measures are being implemented to mitigate further risks.
As the world turns more digital, will we see a rise in such cyber capers, or can the industry step up its defenses to combat these digital bandits?
What type of data was leaked in the UBS incident? The data includes names, email addresses, phone numbers, and job-related details for 130,000 UBS employees.
Which companies are involved in the breach? Chain IQ, former UBS spinoff, is the main service provider affected, alongside other clients like Pictet and Manor.
What actions are being taken in response to the breach? Chain IQ has activated security protocols, mobilized a dedicated response team, and contacted law enforcement while keeping stakeholders informed.
