The Swiss banks said client data was not affected in the attack. However, a media report said that files of thousands of UBS employees were stolen from a business services company.

UBS and Pictet have been hit by a data leak caused by a cyber attack on a provider in Switzerland; it did not compromise client information, Reuters and other news services said. 

One report, from Swiss newspaper Le Temps, said that files containing details of tens of thousands of UBS employees were stolen from the Baar-based business service company Chain IQ, whose website lists KPMG and Mizuho among its clients.

“A cyber-attack at an external supplier has led to information about UBS and several other companies being stolen,” UBS was quoted by Bloomberg as saying. “No client data has been affected. As soon as UBS became aware of the incident, it took swift and decisive action to avoid any impact on its operations.”

Pictet said in a statement emailed to WealthBriefing: “We are aware that some data related to Pictet vendor invoices were compromised as a result of a data breach at the company Chain IQ, a firm that provides procurement services. A number of other firms working with Chain IQ are also affected.” 

“The compromised information does not contain any client data of Pictet. It is limited to invoice information with certain suppliers of Pictet such as technology providers or external consultants. Pictet takes all types of data breaches seriously and has protocols and agreements in place to prevent unauthorised access.

“As soon as the breach was known, we took precautionary measures to prevent any further impact on Pictet data shared with ChainIQ. We have been assured by ChainIQ that the necessary steps and countermeasures were promptly initiated and that the vulnerabilities have been effectively addressed,” Pictet added.

The saga underscores why cybersecurity is top of mind for bank managers and others in the wealth management sector, such as family offices. Family Wealth Report, sister news service to this one, held a family office forum in New York last week to discuss the topic. (See reports here and here.)

The global cybersecurity market is large. In 2024, it was estimated to be worth over $200 billion (source: SecurityBrief UK). Forecasts project continued substantial growth, with some estimates reaching $697 billion by 2035.

When, not if
"It is no longer a question of if, but only of when – and how well prepared you are. The latest cyberattack highlights how vulnerable companies of all kinds are in the digital space – especially in the financial world, where trust, data protection, and digital infrastructure are closely intertwined,” Paulius Vanagas, country manager for Switzerland and Austria, at NordVPN, a cybersecurity solutions firm, said. 

“Even though no customer data appears to have been affected, the incident is a clear example of how cybercriminals can obtain valuable information by attacking third parties – so-called supply chain attacks. What many people underestimate is that even attacks that do not appear to compromise customer data can be part of larger, coordinated campaigns,” Vanagas said. 

Marijus Briedis, CTO of NordVPN, added: “Even the best-protected organisations can be vulnerable if there is a weak link in the supply chain. Vigilance at all levels is crucial, especially in large companies with many interfaces.”

“In the financial sector, digital networks are highly complex and interconnected. A single weak point can jeopardise the entire infrastructure. It is therefore crucial to continuously monitor security processes and adapt them to the ever-changing threat landscape.”