Swiss procurement service provider Chain IQ has confirmed falling victim to a cyberattack that led to the theft of customer data.
The Zug, Switzerland-based firm says it learned of the incident after a threat actor published data allegedly stolen from its systems on the dark web.
“On June 12, 2025, Chain IQ, along with 19 other companies, was the target of a cyberattack that had never before been seen on a global scale. This cyberattack resulted in data theft. Data from some Chain IQ customers was published on the dark web,” the company says in an incident notice.
Chain IQ says it immediately activated its response plan and checked all relevant systems, and notified customers, employees, and partner companies, as well as the relevant authorities.
“The incident was contained after 8 hours and 45 minutes by revoking the attackers’ access to the affected environment,” the company says.
Chain IQ said no bank customer data was compromised in the incident, but confirmed that the attackers exfiltrated “data containing employee business contact details of selected clients”, including client employees’ phone numbers.
According to local media, Swiss financial groups UBS and Pictet, as well as Manor, and real estate and construction services company Implenia were impacted.
Responding to a SecurityWeek inquiry, UBS confirmed the impact from the incident, but said that no client data was stolen in the attack.
“A cyber-attack at an external supplier has led to information about UBS and several other companies being stolen. No client data has been affected. As soon as UBS became aware of the incident, it took swift and decisive action to avoid any impact on its operations,” UBS said.
The attack on Chain IQ was claimed by the ransomware group Worldleaks, which added the company to its Tor-based leak site on June 11, claiming the theft of roughly 910 GB of data, or more than 1.9 million files.
“External suppliers have become one of the most readily attacked, compromised, and exploited organizations that we deal with,” Neovera VP Paul Underwood said in an emailed comment.
“Although in a statement it was reported that no client data was involved in the cyberattack, it does not mean that the cyberattack does not have value to not only the attacker but to what potentially could happen in the future to these organizations that were affected,” Underwood continued.
Related: Krispy Kreme Confirms Data Breach After Ransomware Attack
Related: Anubis Ransomware Packs a Wiper to Permanently Delete Files
Related: Fog Ransomware Attack Employs Unusual Tools
Related: Sensitive Information Stolen in Sensata Ransomware Attack
