Supply chain cyber attack hits UBS and Swiss banks

A sophisticated supply chain cyber attack on Swiss service provider Chain IQ has resulted in data leaks at several financial institutions, including UBS and Pictet. According to the banks, no client data was compromised.

UBS confirmed the breach on Wednesday, stating: ‘A cyber attack at an external supplier has led to information about UBS and several other companies being stolen. No client data has been affected.’ The bank said it had acted swiftly to protect operations.

Chain IQ revealed that it was one of 20 organisations targeted in what it described as ‘a cyber-attack that had never before been seen on a global scale.’

The attackers published stolen data on the dark web on 12 June 2025 at 17:15 CET. The firm said access was revoked and the incident contained within 8 hours and 45 minutes.

The stolen data included employee business contact details from certain clients, such as internal telephone numbers. The company stated that all systems were checked and secured, with law enforcement notified immediately.

Dr Ilia Kolochenko, CEO of ImmuniWeb and a Fellow at the British Computer Society, warned of the potential impact: ‘This breach may have a disastrous and long-lasting effect on the Swiss banking sector. An urgent investigation is essential to determine its scope.’

He added that the incident highlights third-party vulnerabilities: ‘Even major institutions are at risk from supply chain weaknesses. Legal liability could extend to the banks themselves if damage to individuals occurs.’

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!