Skip to content

UBS employee data leaked following Chain IQ data breach

  • by
  • 2 min read

Employee data from banking giant UBS has been leaked on the dark web following a breach at Chain IQ, one of the bank’s third-party suppliers. UBS isn’t the only Chain IQ partner to be affected, as reportedly, 18 other companies were targeted in the attack.

Swiss outlet Le Temps reports that the information of nearly 130,000 UBS employees has been published on the dark web by a ransomware group called World Leaks. This information includes contact details, job roles, and location details. The phone number of UBS CEO Sergio Ermotti is also reportedly included in the published data.

A UBS spokesperson told Infosecurity Magazine that the breach hasn’t affected customer data or operations. However, the leaked employee data can help facilitate follow-up ransomware attacks where cybercriminals impersonate bank employees with the help of generative AI tools. Additionally, leaking customer data can also be a ploy to publicly shame Chain IQ, increasing pressure on the business to pay a ransom.

This is an image of data breach featured cybersecurity 113 e1666861228304

In a statement describing the incident, Chain IQ claimed that the attack was carried out using “tools and techniques that had never before been seen on a global scale.” The attack resulted in data theft, and data from some Chain IQ customers was published on the dark web on June 12. Affected customers were informed shortly after the data was published.

Swiss private bank Pictet also suffered a data breach, as per a statement published by Reuters. Pictet was also a Chain IQ client and hence was affected by the larger ramifications of the initial breach. Similar to the UBS breach, the stolen information did not include client data, but invoice information with some of the bank’s suppliers, including technology partners and external consultants, was leaked.

At the time of writing, UBS and Pictet remain the only two publicly known Chain IQ customers affected by the breach, with their data leaked on the dark web. However, with 17 other clients affected, hackers could slowly start releasing more information to pressure Chain IQ into paying a ransom, or start selling client data off for profits.

In the News: DuckDuckGo’s browser is expanding its scam defence

Yadullah Abidi

Yadullah Abidi

Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018. You can contact him here: yadullahabidi@pm.me.

Related Reads

This is an image of dark web hacker security

Russian pro basketball player arrested on ransomware charges

This is an image of tik tok 39239

Ireland launches fresh investigation into TikTok over data transfer to Chinese servers

Illustration: jmiks | shutterstock

British NCA arrest four for hacking M&S, Co-op, and Harrods

A mcdonald's sign on a pole.

McDonald’s AI bot leaks job applicants’ data

This is an image of dprk north korea flag

US sanctions North Korean hacker for running fraud IT worker scheme

This is an image of ransomware 32988sd

M&S confirms April cyberattack was ransomware

>