On June 12, 2025, Swiss procurement service provider Chain IQ, along with 19 other companies, was targeted in a large-scale ransomware attack orchestrated by the group Worldleaks (also known as World Leaks, previously Hunters International). The attack resulted in the theft and subsequent dark web publication of sensitive data, including information from major Swiss financial institutions such as UBS and Pictet.
Impacted Data
According to local media, Swiss financial groups UBS and Pictet, as well as Manor, and real estate and construction services company Implenia were impacted. The breach exposed data on over 130,000 UBS employees, including names, addresses, internal contact details, and even the direct phone number of CEO Sergio Ermotti. UBS confirmed that while employee and some company data were stolen, no client or customer data was compromised. The private bank reported that only vendor invoice data was affected, with no client information lost. Additional companies impacted include Implenia, and KPMG, among others.
Attack Details
The ransomware group Worldleaks infiltrated Chain IQ’s systems, exfiltrating roughly 910 GB of data (over 1.9 million files) before being detected. Chain IQ detected the breach after the attackers published data on the dark web. The company contained the incident within approximately 9 hours by revoking attacker access and immediately notified affected parties and authorities.
Chain IQ has not disclosed whether a ransom was demanded or paid, citing ongoing security and investigative considerations.
