Cyber Incident Victim: Chain IQ Group AG

Date: Jun 2025

Location: Switzerland

Summary

Chain IQ Group AG was targeted in a cyberattack that also affected 19 other organizations, employing previously unseen tools and techniques that led to the exfiltration and dark‑web publication of some customer data. The breach involved the theft of employee business contact details, including internal telephone numbers, of selected clients, while no core business or bank‑related information was compromised. Upon discovery, the company activated its security protocols, enlisted the help of its outsourced partners InfoGuard and Kyndryl, and involved law enforcement to contain the intrusion, which was halted after roughly nine hours by revoking attacker access. Affected customers, employees and partners were promptly notified, and the firm stated that normal operations continued without disruption.

Description

On June 12, 2025, at 5:15 p.m. CET, data belonging to some Chain IQ customers was published on the dark web following a cyberattack that targeted Chain IQ and 19 other companies using tools and techniques never before observed globally. Immediately after the publication, Chain IQ checked all relevant systems, secured them, and strengthened protective measures. The company worked closely with its IT infrastructure and cybersecurity outsourcing partners InfoGuard and Kyndryl, both described as global leaders adhering to the highest security standards. Law enforcement authorities were notified immediately. The incident was contained after eight hours and forty‑five minutes by revoking the attackers’ access to the affected environment. Affected customers, employees, and partner companies were informed on the same day at 8:00 p.m. CET.

The exfiltrated data consisted of employee business contact details of selected clients, specifically internal telephone numbers, while Chain IQ emphasized that it does not store any data relating to its customers’ core business, so no bank customer data was compromised. Chain IQ activated its security protocols and established a special task force comprising internal experts and external specialists from InfoGuard and Kyndryl, to whom it has outsourced IT operations and cybersecurity functions. In parallel, the company contacted the cyber division of the Zug cantonal police to initiate a criminal investigation, and a detailed investigation of the incident was reported as underway. CEO Marcel Stalder stated that operations could continue normally, with no operational interruptions or other failures, and that the situation remained under control.

Chain IQ is a leading global independent indirect procurement service company that provides strategic, tactical, and operational procurement services to clients, including internationally active banks. It operates from six main centers and fourteen offices worldwide, headquartered in Switzerland with hubs in Zurich, New York, London, Singapore, Mumbai, and Bucharest, serving more than forty‑nine countries and over sixty clients. Its team of more than 650 experts focuses on third‑party spend management, volume bundling, digitalization of procurement processes, and achieving ESG standards.
