Third-party cyber assault potentially leaks confidential UBS employee information

Data breach at UBS uncovered after cyber-assault on supply chain provider Chain IQ

In a series of global cyber-attacks on June 12, UBS, the Swiss banking giant, became one of the 20 companies targeted. The external supplier at the centre of the incident was Swiss-based procurement service provider Chain IQ.

The data breach at UBS did not impact customer data or operations. However, information about 130,000 UBS employees, including their business contact details such as phone numbers, job roles, locations, and floor numbers, was published on the dark web by a ransomware group called World Leaks.

Another client of Chain IQ, Swiss private bank Pictet, also revealed it had suffered a data breach. The information stolen from Pictet did not contain its client data and was limited to invoice information with some of the bank's suppliers.

Publishing stolen data can be a tactic to publicly shame businesses and increase pressure to pay ransomware demands. The stolen data from the UBS breach could be used for social engineering attacks impersonating bank employees, particularly with the growing availability of deepfakes.

In highly regulated industries such as banking, it is critical to set minimum security operating standards and to audit and monitor third-party operations. The EU's Digital Operational Resilience Act (DORA) places a strong focus on the security of third-party providers in the financial sector.

Following the data publication, Chain IQ took immediate measures to strengthen the security of all relevant systems. Adidas, a global sportswear giant, also suffered a data breach in May, following a third-party attack. The data breach at Adidas is a particular concern in the financial sector due to the growing threat posed by supply chain attacks.

The full impact of the UBS data breach may not be apparent for many weeks. Recent cyber-attacks on UK retailers, such as Marks & Spencer, have been traced back to compromised credentials from Tata Consultancy Services (TCS), a major IT outsourcing firm.

As the digital landscape continues to evolve, so does the threat of cyber-attacks. It is essential for businesses to prioritise cybersecurity, especially when it comes to third-party providers, to protect their valuable assets and maintain the trust of their customers.
