UBS Hit by Darknet Data Leak Affecting 130,000 Staff

UBS Hit by Darknet Data Leak Affecting 130,000 Staff

In early June, a hacker attack and data theft occurred at a procurement service provider in Baar in Switzerland. Data containing information on 130,000 UBS employees has been offered on the darknet. However, the bank is not the only one affected.

The company in question is Chain IQ – a former UBS spinoff that also counts Pictet, Manor, and Implenia among its clients – was hacked in early June, according to a report published Wednesday by the Swiss daily «Le Temps» (in French only,  behind paywall).

Among the datasets offered on the darknet is a list with information on approximately 130,000 employees of UBS. The leaked information includes names, email addresses, and landline numbers – and in some cases, mobile numbers. Even the phone number of CEO Sergio Ermotti is among them.

Additional internal data is also visible. This includes details such as job level, spoken languages, and office location within UBS buildings.

Data Breach at Service Provider

The data appears to originate from a leak at service provider Chain IQ. Headquartered in Baar, the company also has offices in Geneva and Zurich and maintains an international presence with locations in the US, Asia, and Europe.

Originally spun off from UBS, Chain IQ has since established itself as a procurement services provider, offering solutions in human resources, IT systems, waste management, purchasing, and security services.

Client List Stolen

The hacker attack was first reported by the platform Inside IT (paid article). According to the report, the data leak also includes Chain IQ’s client list. The company has reportedly served more than 400 contractual partners. The file available on the darknet contains information on contract dates, service types, duration, company names, and the responsible internal contact person.

Chain IQ is said to have signed three contracts with the Geneva-based bank Pictet. Other companies on the list include insurers like Swiss Life and Axa, U.S. multinationals such as FedEx and IBM, and well-known Swiss firms like Swisscom, Amag, and the airline Swiss.

UBS has multiple agreements with Chain IQ, including support for fulfilling supply chain due diligence obligations and company credit card management. The Excel file containing UBS employee data reportedly includes exactly 137’192 rows – one per employee.

Multiple Purchases on the Darknet

According to the article, the file has been purchased several times on the darknet. The data may be used for criminal purposes such as fraud or identity theft.

Chain IQ told the newspaper that it is treating the incident «with the utmost urgency». The company stated that a total of 18 other companies were attacked by the same hacking group.

It said it had «activated security protocols, set up a dedicated team of internal and external experts», and contacted the Zug cantonal police. «We have proactively informed all internal and external stakeholders to ensure transparency and awareness», Chain IQ stated.

«We were informed about the cyberattack on Chain IQ’s system and are monitoring the situation closely», a UBS spokesperson said.

Pictet's Invoice Data

The leaked Pictet dataset reportedly includes information on «tens of thousands of invoices». The invoices themselves are not included but are described in detail. They pertain to, among other things, expenditures by companies or employees on groceries, pottery, restaurant visits, hotel stays, newspaper subscriptions, and security contracts.

A Pictet spokeswoman emphasized that the hacked data from Chain IQ’s IT system does not contain any sensitive information about employees. «Additionally, it contains no customer data. It is primarily invoice data from certain suppliers.»

The bank has taken precautionary measures to prevent further consequences.