UBS, Pictet report data leak after cyberattack on provider, client data unaffected

[ZURICH] Swiss banks UBS and Pictet on Wednesday (Jun 18) said they had suffered a data leak due to a cyberattack on a provider in Switzerland that did not compromise client information, although a report said thousands of UBS workers’ data was affected.

Swiss newspaper Le Temps said that files containing details of tens of thousands of UBS employees were stolen from the Baar-based business service company Chain IQ, whose website lists KPMG and Mizuho among its clients.

“A cyberattack at an external supplier has led to information about UBS and several other companies being stolen. No client data has been affected,” UBS said.

“As soon as UBS became aware of the incident, it took swift and decisive action to avoid any impact on its operations.”

Chain IQ said it and 19 other companies were targeted in the attack, resulting in leaked data being published online on the darknet – a part of the Internet not accessible through standard search engines.

Steps and countermeasures were promptly taken and the situation was contained, it said in a statement.

SEE ALSO

Chain IQ, which said the data was published on the afternoon of Jun 12, said that it could not provide any information on potential ransom demands or interactions with the attackers for security and investigative reasons.

Private bank Pictet said the information stolen from the incident did not contain its client data and was limited to invoice information with some of the bank’s suppliers, such as technology providers and external consultants.

Pictet said it took data breaches seriously and had protocols and agreements in place to stop unauthorised access. REUTERS