A massive data leak stemming from a cyber attack on a third-party subcontractor has affected Swiss banks UBS and Pictet, as well as over a dozen other multinational companies, potentially including auditing firm KPMG.
Unhinged cybercriminals attributed to the attack on Swiss-based Chain IQ have leaked over 130,000 UBS employee records on the dark web, including the company CEO Sergio Ermotti’s personal information.
Baar-based ChainIQ operates in New York, USA; London, U.K.; Singapore, Singapore; Mumbai, India; and Bucharest, Romania.
According to ChainIQ, the stolen data was published on June 12, but the company could not provide further information due to the ongoing investigation.
The data leak from the ChainIQ cyber attack affects over a dozen companies
However, UBS said the cyber incident did not affect clients’ data, and it took immediate action to prevent further impact on its operations.
“A cyber attack at an external supplier has led to information about UBS and several other companies being stolen. No client data has been affected,” UBS stated. “As soon as UBS became aware of the incident, it took swift and decisive action to avoid any impact on its operations.”
Pictet has also confirmed that the cyber attack did not affect its IT infrastructure or leak its client sensitive information. However, the data leak exposed its invoices, and its IT service providers’, suppliers’, and external consultants’ information.
KPMG also stated that the cyber attack had not impacted its IT infrastructure and that it had implemented additional security measures following the discovery of the widespread data leak.
Chain IQ says that the data leak affected 19 companies, resulting in their data being leaked on the dark web.
Meanwhile, efforts to notify all impacted clients are underway, and the IT subcontractor has implemented additional security measures to prevent further compromise.
Swiss financial regulator the Financial Market Supervisory Authority (FINMA) has been notified of the cyber attack and is addressing the incident using established protocols.
Additional details regarding the data leak, including whether the threat actors have demanded a ransom, are unknown. Cybercriminals typically publish the stolen information on the dark web if ransom negotiations stall and the victim organization refuses to pay the ransom.
Similarly, the identity of the threat actor behind the ChainIQ data leak also remains unknown. The attack vector the cybercriminals exploited during the ChainIQ cyber attack also remains unknown or undisclosed. However, phishing, cloud misconfigurations, and unaddressed system vulnerabilities are among the leading causes of data breaches.
The ChainIQ cyber attack serves as a sobering reminder that third parties pose a serious cybersecurity risk to primary organizations. Subsequently, primary organizations bear the full responsibility for vetting their partners’ cybersecurity practices to prevent third-party data breaches.
“UBS’s recent attack is a stark reminder: your cyber resilience is only as strong as your weakest link—which could be a gap in third-party supplier security,” noted James Hadley, Founder and Chief Innovation Officer, Immersive. “The key takeaway is that organizations must extend their cyber readiness programs, including rigorous exercises and hands-on labs, beyond their own walls to encompass every critical supplier. Regular cyber drilling is particularly effective at ensuring teams across organizations are prepared to either prevent a crisis or recover from one.”
Switzerland also remains a lucrative target, albeit with a lower rank compared to the United States and the United Kingdom, for cyberattacks, including politically motivated hacks. In June 2025, an apparent politically motivated and coordinated cyber attack disrupted the Alpine nation’s military, government, and commercial online systems.
According to London-based Deloitte’s survey, nearly half (44%) of the country’s high-profile organizations have suffered a cyber attack, with roughly half (42%) of the victims experiencing significant disruptions.
