UBS Employee Data Reported Compromised in Third-Party Breach

Global banking giant UBS has experienced a data breach following a cyber-attack on a third-party supplier.

In an official statement, UBS confirmed that a breach had occurred, clarifying that customer data and operations remain unaffected. The company asserted, “A cyber-attack at an external supplier has led to information about UBS and several other companies being stolen. No client data has been affected. As soon as UBS became aware of the incident, it took swift and decisive action to avoid any impact on its operations.”

Reports indicate that information regarding approximately 130,000 UBS employees has been published on the dark web by a ransomware group, World Leaks, formerly recognized as Hunters International. The compromised data encompasses business contact details, such as phone numbers, job roles, and specifics about their workplace locations.

Significantly, the direct phone number of UBS CEO Sergio Ermotti was included in the leaked data. UBS additionally disclosed that the third-party supplier at the heart of the incident is Chain IQ, a procurement service provider based in Switzerland.

Another Chain IQ client, Swiss private bank Pictet, has also reported a data breach stemming from the attack. Pictet confirmed that the stolen information was limited to invoice data from the bank’s suppliers and did not include client-related information.

Chain IQ reported on June 19 that they and 19 other companies were targeted in an unprecedented cyber-attack. At approximately 17:15 CET on June 12, sensitive information from certain clients was posted on the dark web. The firm indicated that this data includes employee business contact details and internal telephone numbers.

Immediately following the incident, all affected customers, employees, and partner companies were informed. Law enforcement authorities have also been notified. Chain IQ stated it is taking steps to bolster the security of its systems and continues to collaborate with IT infrastructure and cybersecurity partners.

The company has not disclosed the specific methods used in the attack, nor whether it involved ransomware.

The implications of the breach affecting UBS and others may be far-reaching. Cybersecurity experts have cautioned that the extent of the breach’s impact might not be fully understood for some time. “While it appears no client data was taken, the full scale of a data breach may remain unclear for weeks following the incident,” advised Jake Moore, a global cybersecurity advisor.

James Neilson, an SVP at OPSWAT, highlighted that the publication of employee details could serve to publicly shame targeted businesses like UBS, thereby increasing pressure to meet potential ransomware demands. Such actions can cause significant financial harm and threaten the integrity and reputation of financial institutions, where customer trust is paramount.

Dr. Ilia Kolochenko, CEO of ImmuniWeb, noted that the nature of the stolen data may facilitate social engineering attacks. With advanced tools like deepfakes readily available, the consequences of the breach could amplify, potentially leading to blackmail or even aiding in complex financial crimes.

This incident underscores the escalating threat of supply chain attacks, which can impact a wide array of downstream clients. The financial sector, in particular, faces significant risks, as highlighted by recent cyber-attacks on UK retailers. Investigators revealed that recent breaches made use of compromised credentials from major IT outsourcing firms to infiltrate systems.

The interconnected nature of financial systems makes third-party providers prime targets for cybercriminals. It is imperative that minimum security operating standards are established, and that third-party operations are consistently audited and monitored to mitigate risks associated with such breaches.