1.9 million files stolen? FINMA takes action in data hacking case at Chain IQ

SDA

20.6.2025 - 23:19

A hacker attack at the procurement service provider Chain IQ is keeping the Swiss Financial Market Supervisory Authority Finma busy. (archive picture)
Image: sda

The hacker attack at the procurement service provider Chain IQ is now being investigated by the Swiss Financial Market Supervisory Authority Finma. The attackers also stole data from the major bank UBS and the Geneva-based asset management bank Pictet.

Keystone-SDA

No time? blue News summarizes for you

  • The Swiss Financial Market Supervisory Authority FINMA is investigating the hacker attack at the procurement service provider Chain IQ.
  • The hackers claim to have stolen over 1.9 million files.
  • According to Chain IQ, it was a ransomware attack.

A hacker attack at the procurement service provider Chain IQ is being investigated by the Swiss Financial Market Supervisory Authority Finma. Finma cannot comment on individual cases, a spokesperson for the supervisory authority said in response to an AWP inquiry about a report from the web portal "Tippinpoint". "However, we can confirm that we are aware of the case and are handling it in accordance with the planned processes."

In general, the supervised institution remains responsible even in the event of outsourcing and is Finma's primary point of contact, the spokesperson told the news agency AWP. However, Finma can also carry out audits directly at service providers or request information that is relevant for supervision.

Chain IQ was the victim of a cyberattack by the ransomware group Worldleaks last week. The hackers claimed to have stolen over 1.9 million files and a total of 909.6 gigabytes of data. Various data was subsequently published on the darknet, apparently including information on 130,000 UBS employees, such as internal telephone numbers. Around 230,000 lines of invoices from Bank Pictet also found their way online, albeit without client details.

In a statement on its website, Chain IQ explains that it does not have any data on its clients' core business. Accordingly, no bank client data was stolen in the attack. The Federal Office for Cybersecurity (Bacs) told Keystone-SDA on Wednesday that it was aware of the incident.

Novel ransomware attack as the cause

Chain IQ released more details about the security incident in a statement on Friday evening. According to the statement, it was a ransomware attack. In such attacks, the attackers encrypt the victim's data and then demand a ransom for decryption. If victims do not pay, the attackers often threaten to publish the data on the dark web.

According to the information provided, this was an "advanced" ransomware attack in which new tools were used. The attack itself also affected 19 other companies, according to the statement.

After the attackers published some of the stolen data on the "dark web", Chain IQ immediately checked and secured all relevant systems and strengthened its protective measures, the report continues. Within just under nine hours, the attack had been contained and the hackers' access blocked. Law enforcement authorities were also called in.