Cyber Incident Victim: UBS

The incident became public last week when the ransomware group Worldleaks announced that it had compromised Chain IQ, a procurement service provider that originated as a spin‑off of UBS and is headquartered in Baar. According to the report from Le Temps cited by Blick, the attackers exfiltrated more than 1.9 million files amounting to roughly 910 gigabytes of data from Chain IQ’s systems. The breach also extended to nineteen additional companies that were compromised in the same campaign. Chain IQ confirmed that the attack was carried out by the Worldleaks ransomware group.

Among the stolen data were personal details of approximately 130,000 UBS employees, including the internal telephone number of CEO Sergio Ermotti, which appeared in the darknet although Chain IQ noted that the number is not reachable from outside the organization. The leaked material also contained a separate file with over 230,000 invoice positions belonging to the Geneva‑based bank Pictet. The article explicitly states that customer information was not part of the disclosed data. In addition to UBS, Chain IQ’s client list in Switzerland includes Manor and Implenia, though the article does not specify whether their data was affected.

Following the discovery, Chain IQ informed the relevant authorities and alerted its affected business customers about the breach. The company clarified that while the internal phone number of Sergio Ermotti was visible in the darknet, it cannot be dialed from external lines. Chain IQ, founded in 2013 as a UBS spin‑off, operates offices across Europe, Asia and the United States and continues to cooperate with investigators regarding the Worldleaks ransomware attack.