Excerpt from Finews Article, Published on Jun 19, 2025.
UBS is under intense scrutiny following a significant data leak that has exposed sensitive information of approximately 130,000 of its employees. The leak stems from a cyberattack on Chain IQ, a procurement services firm originally spun off from UBS and now serving several major clients worldwide. The leaked UBS data, now circulating on the darknet, includes employee names, email addresses, landline numbers, and in some cases, mobile numbers—reportedly even that of UBS CEO Sergio Ermotti.
This leak not only affects UBS but also highlights a broader vulnerability in third-party vendor security. Chain IQ, based in Baar, Switzerland, confirmed that the leak impacts not just UBS but also clients like Pictet, Swiss Life, Axa, FedEx, IBM, and Swisscom. The leaked file reportedly contains 137,192 rows of data specific to UBS employees, including job levels, languages spoken, and office locations. UBS, which maintains several contracts with Chain IQ for services such as company card management and supply chain due diligence, has acknowledged the breach and is closely monitoring the situation. UBS emphasized that it is taking all necessary precautions in response to the leak.
Chain IQ revealed that 18 companies were targeted by the same hacker group and that it has activated emergency security protocols, involving both internal and external cybersecurity experts. It has also notified law enforcement and all stakeholders, stressing transparency and urgency in its response. The leak has reportedly been sold multiple times on the darknet, raising fears over potential fraud and identity theft. As UBS deals with the aftermath, this incident underscores the growing risks of third-party data exposure. UBS now faces the challenge of regaining control and restoring trust following this alarming leak.
To delve deeper into this topic, please read the full article Finews.
