Swiss banks UBS and Pictet have confirmed a data leak resulting from a cyber attack on their subcontractor, Chain IQ, in Switzerland.
According to a report by Reuters, citing Swiss newspaper Le Temps, files containing personal data of tens of thousands of UBS employees were stolen in the data breach.
Separately, SWI swissinfo.ch, part of the Swiss Broadcasting Corporation, reported that at Pictet, the cyber attack led to the theft of tens of thousands of supplier invoices dating back several years.
Chain IQ revealed that it, along with 19 other companies, was targeted in the attack, which resulted in a data leak published on the darknet.
The company stated that it has taken steps to contain the situation and is unable to provide details on ransom demands or interactions with the attackers due to security and investigative reasons.
Chain IQ first communicated the breach on 13 June. The company, based in Baar, has subsidiaries in New York, London, Singapore, Mumbai, and Bucharest.
“A cyber-attack at an external supplier has led to information about UBS and several other companies being stolen. No client data has been affected,” UBS was quoted by Reuters as saying.
“As soon as UBS became aware of the incident, it took swift and decisive action to avoid any impact on its operations.”
UBS is currently facing additional challenges.
The Swiss government recently proposed new capital norms requiring UBS to increase its core capital by $26bn following its acquisition of Credit Suisse.
This proposal aims to enhance financial stability and prevent future banking crises, mandating UBS to fully capitalise its foreign subsidiaries.
UBS has been given a timeframe of six to eight years to comply once the legislation is enacted.
Meanwhile, Pictet Bank is dealing with another issue.
Switzerland’s Office of the Attorney General imposed a fine on Pictet for organisational shortcomings that facilitated money laundering.
