Swiss banks UBS and Pictet impacted by third-party data breach

UBS, along with Swiss lender Pictet, has reported a data breach from a cyber attack. (Credit: Michael Derrer Fuchs/Shutterstock)

UBS and Pictet have announced a data breach caused by a cyberattack on their external service provider, Chain IQ. Although client information of the two major Swiss banks reportedly remains secure, the incident affected employee data from UBS and invoice details related to Pictet’s suppliers.

A report from Swiss newspaper Le Temps indicates that the breach involved personal details of thousands of UBS employees, including CEO Sergio Ermotti, with this information surfacing on the dark web. UBS has verified this, ensuring that client data was not compromised. “No client data was affected,” a UBS spokesperson stated. “As soon as UBS became aware of the incident, it acted quickly to avoid any impact on its activities.” The bank stated that it undertook swift actions to mitigate operational risks.

Pictet disclosed that the stolen data pertained to invoices from various suppliers over recent years. The bank confirmed that no customer information was compromised. “The data does not contain any information about our customers,” a Pictet spokesperson reassured. Following this discovery, Pictet said that it has taken precautionary measures to prevent further issues.

Chain IQ, which is a Switzerland-based end-to-end procurement solutions provider, has acknowledged being one of 19 companies hit by the cyberattack, resulting in leaked data appearing on the darknet. The service provider has since implemented measures to manage the situation and is working closely with security investigators. Chain IQ noted that the leak occurred on 12 June but withheld comment on ransom demands due to ongoing inquiries.

Swiss financial regulator Finma is currently monitoring the situation according to standard procedures. In response to the breach, KPMG, another Chain IQ client, reported its systems were unaffected but has nonetheless increased security protocols as a precautionary measure.

Rising data security concerns amid banking sector breaches

The breaches at UBS and Pictet underscore broader security challenges facing the banking industry. Findings from Accenture’s Guardians of Trust 2024 Survey, based on inputs from 49,000 people across 39 countries, indicate that 58% of banking customers worry about their personal and financial data security when banks offer tailored services. While 81% express confidence in their bank’s data protection capabilities, trust wanes significantly regarding other banks and third-party providers within the financial ecosystem.

According to the survey, banks have reportedly boosted cybersecurity investments by 140% over the past two years as part of efforts to tackle these vulnerabilities. However, relying on external partners and open banking frameworks continues to introduce new risks that customers feel remain inadequately addressed.

Earlier this year, an EY report indicated that cybersecurity is the foremost concern for 75% of global banking chief risk officers (CROs) for the coming 12 months. This concern is fuelled by rising geopolitical tensions. The survey collected data from 115 banks across 45 countries and found that 87% of CROs believe that cybersecurity will remain their primary concern over the next three years.

Read more: C-suite divides on cybersecurity threats pose organisational risks, study finds