Chain IQ

Swiss banks UBS and Pictet faced a data leak after a cyber attack on their service provider Chain IQ. While client data was not affected, internal employee files were accessed and published on the darknet. The breach highlights risks linked to third-party vendors and the need for stronger cyber security. The leaked data included information related to UBS employees, such as a direct line number of UBS CEO Sergio Ermotti. The breach occurred on June 12, and the firm mentioned that it could not share details about ransom demands or communication with the attackers due to ongoing investigations.

Source: https://economictimes.indiatimes.com/news/international/us/16-billion-passwords-leak-is-your-data-safe-with-third-party-vendors-of-any-company-cyber-attack-on-swiss-supplier-exposes-ubs-and-pictet-employee-data-while-banks-claim-no-client-data-was-affected-heres-what-you-should-do-now-to-be-safe-online/articleshow/121980568.cms

TPRM report: https://scoringcyber.rankiteo.com/company/chain-iq

"id": "cha300062125",
"linkid": "chain-iq",
"type": "Breach",
"date": "6/2025",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"

{'affected_entities': [{'industry': 'Financial Services',
                        'location': 'Switzerland',
                        'name': 'UBS',
                        'type': 'Bank'},
                       {'industry': 'Financial Services',
                        'location': 'Switzerland',
                        'name': 'Pictet',
                        'type': 'Bank'},
                       {'industry': 'Business Services',
                        'location': 'Baar, Switzerland',
                        'name': 'Chain IQ',
                        'type': 'Service Provider'},
                       {'industry': 'Consulting',
                        'name': 'KPMG',
                        'type': 'Professional Services Firm'},
                       {'industry': 'Financial Services',
                        'name': 'Mizuho',
                        'type': 'Bank'}],
 'attack_vector': 'Cyber Attack on Third-Party Vendor',
 'data_breach': {'data_exfiltration': True,
                 'type_of_data_compromised': ['Internal employee files',
                                              'Direct line number of UBS CEO']},
 'date_detected': '2023-06-12',
 'description': 'Swiss banks UBS and Pictet faced a data leak after a cyber '
                'attack on their service provider Chain IQ. While client data '
                'was not affected, internal employee files were accessed and '
                'published on the darknet.',
 'impact': {'data_compromised': ['Internal employee files',
                                 'Direct line number of UBS CEO']},
 'initial_access_broker': {'data_sold_on_dark_web': True},
 'investigation_status': 'Ongoing',
 'recommendations': ['Reset passwords',
                     'Avoid reusing passwords',
                     'Enable multi-factor authentication',
                     'Monitor accounts for unusual activities'],
 'references': [{'source': 'Le Temps'}],
 'regulatory_compliance': {'regulatory_notifications': ['Swiss regulator Finma '
                                                        'confirmed it was '
                                                        'aware of the incident '
                                                        'and had started '
                                                        'following its '
                                                        'internal procedures']},
 'response': {'containment_measures': ['Taken actions to contain the breach']},
 'title': 'Data Leak at Swiss Banks UBS and Pictet',
 'type': 'Data Breach'}