Swiss banks UBS (UBSG.S) and Pictet reported on Wednesday that a data breach occurred due to a cyberattack on an external provider in Switzerland. While client data was not affected, the report says information on thousands of UBS employees was stolen.
According to the newspaper Le Temps, files containing data on tens of thousands of UBS employees were stolen from Chain IQ, a business services provider based in Baar. Its clients include KPMG and Mizuho.
"A cyberattack on an external provider led to the theft of information related to UBS and several other companies. Client data was not compromised," UBS said in a statement.
"As soon as the company learned of the incident, decisive measures were taken immediately to prevent any impact on operational activity."
Le Temps also reported that among the stolen data was the internal direct phone number of UBS CEO Sergio Ermotti.
Chain IQ confirmed that it and 19 other companies were victims of the attack, which resulted in data being published on the darknet — a part of the internet not accessible via standard search engines.
“We took immediate actions and countermeasures to bring the situation under control,” the company said.
Chain IQ, which reported the data leak on June 12, said that for security reasons and as part of the investigation, it cannot disclose information about possible ransom demands or any interaction with the hackers.
The private bank Pictet also confirmed that no client data was stolen, and the breach was limited to invoice data from some of the bank’s suppliers, such as technology companies and external consultants.
“We take data security very seriously and have appropriate protocols and agreements in place to prevent unauthorized access,” Pictet stated.