UBS and Pictet Hit by Major Data Breach Through Chain IQ Attack

In a significant cybersecurity incident that has sent shockwaves through Switzerland's financial sector, banking giants UBS and Pictet have fallen victim to a major data breach through their subcontractor Chain IQ. The incident, revealed on June 18, 2025, marks one of the most substantial cyber attacks on Swiss financial institutions in recent years, though fortunately sparing client data from exposure.

The scale of the data breach is substantial, affecting approximately 130,000 UBS employees, including high-profile figures such as CEO Sergio Ermotti. At Pictet, the breach resulted in the theft of thousands of supplier invoices spanning several years. While both institutions have confirmed that no client data was compromised, the incident has exposed significant vulnerabilities in the banking sector's third-party security infrastructure.

Chain IQ, the Baar-based company at the center of the breach, serves as a crucial subcontractor to several major Swiss corporations. With international operations spanning New York, London, Singapore, Mumbai, and Bucharest, the company's compromise has raised concerns about the vulnerability of global supply chains in the financial sector. The breach was first reported by Chain IQ on June 13, affecting multiple high-profile clients including Manor department stores, Implenia construction, and KPMG.

Both UBS and Pictet have responded swiftly to the incident, implementing immediate protective measures to prevent further impact. Official statements from both banks emphasize that client data remained secure throughout the breach. The incident has prompted a thorough review of third-party security protocols and has led to enhanced cybersecurity measures across the Swiss banking sector.

This breach occurs against a backdrop of increasing cyber threats in Switzerland, where nearly 63,000 cyber-related incidents were reported last year alone. The incident has sparked renewed discussions about cybersecurity standards in the Swiss financial sector, particularly regarding third-party service providers. It highlights the need for enhanced due diligence and security protocols in managing supply chain risks within Switzerland's globally significant banking industry.