When did the attack occur and when was the data published?

The attack occurred in early June 2025, and the stolen data was published on the darknet on June 12, 2025. The attackers made the sensitive information publicly available on dark web platforms.

How many UBS employees were affected by the breach?

Approximately 130,000-137,000 UBS staff members were affected by the breach, making this a significant incident affecting a large portion of the bank's workforce.

What type of employee data was exposed in the UBS breach?

Exposed data includes names and email addresses, landline and mobile phone numbers, job positions and levels, languages spoken by employees, office locations and specific floor assignments within UBS buildings, employee addresses and physical workplace details, and even the direct phone number of UBS CEO Sergio Ermotti.

Were other organizations besides UBS affected by this attack?

Yes, beyond UBS, the breach impacted other major organizations within Chain IQ's client portfolio. Swiss private bank Pictet confirmed it was also affected by the attack, though the leaked information was apparently limited to invoice data and did not include client information.

Why is this incident particularly concerning for UBS employees?

This incident is particularly concerning because it exposed detailed personal and professional information of over 130,000 UBS employees, including specific workplace locations, contact details, and even the CEO's direct phone number. This level of detail could enable targeted attacks, social engineering, or other malicious activities against UBS personnel and operations.

Incident

UBS Employee data exposed in ransomware attack on third party supplier Chain IQ

Q: Who was responsible for the UBS-related cyberattack?

The cyberattack was carried out by the ransomware group World Leaks, formerly known as Hunters International. They targeted Chain IQ Group AG, a Baar-based procurement services provider that was spun off from UBS in 2013.

Q: What is Chain IQ Group AG?

Chain IQ Group AG is a Baar-based procurement services provider that was spun off from UBS in 2013. The company serves as a central procurement services provider for UBS and other major corporations, offering solutions in human resources, information technology systems, waste management, purchasing, and security services with over 400 contractual partners.

Q: What additional data was stolen from Chain IQ besides employee information?

The stolen data included Chain IQ's client database containing contract details, service agreements, and internal contact information, in addition to the UBS employee information.

published: June 18, 2025

Learn More

Switzerland-based investment bank UBS Group AG confirmed that sensitive employee data affecting approximately 130,000-137,000 staff members was stolen and published on the dark web following a ransomware attack on one of its third-party suppliers.

The cyberattack was claimed out by the ransomware group World Leaks, formerly known as Hunters International. They targeted Chain IQ Group AG, a Baar-based procurement services provider that was spun off from UBS in 2013. Chain IQ serves as a central procurement services provider for UBS and other major corporations, offering solutions in human resources, information technology systems, waste management, purchasing, and security services. The company maintains an international presence, and reportedly serves over 400 contractual partners.

The attack occurred in early June 2025, and the stolen data was published on the darknet on June 12, 2025. The stolen data included UBS employee information and Chain IQ's client database containing contract details, service agreements, and internal contact information. Exposed data includes:

Names and email addresses of employees
Landline phone numbers and mobile numbers (in some cases)
Job positions and levels within the company
Languages spoken by employees
Office locations and specific floor assignments within UBS buildings
Employee addresses and physical workplace details
Direct phone number of UBS CEO Sergio Ermotti

Beyond UBS, the breach impacted other major organizations within Chain IQ's client portfolio. Swiss private bank Pictet confirmed that it was also affected by the attack, but the leaked information was apparently limited to invoice data and did not include client information.

Chain IQ claims to have implemented emergency response protocols following the attack, activating security measures and assembling a dedicated team of internal and external cybersecurity experts. The company has contacted Zug cantonal police and informed all internal and external stakeholders about the incident. Swiss financial market regulator FINMA confirmed it was aware of the incident and was handling it according to established procedures.

UBS Employee data exposed in ransomware attack on third party supplier Chain IQ

Read More
Nuance, a healthcare tech company reports MOVEit breach, …
Hackers breach prominent Washington Law Firm
Pure Storage reports data breach caused by Snowflake …
Western University Students exposed in USC PurpleCare Data …
The Vitality Group reports MOVEit related data breach …