Chain IQ data breach affects major banks and companies in Switzerland

Chain IQ, a large company dedicated to procurement and indirect purchasing services, was the target of a cyber-attack affecting the data of 19 other companies. Among the affected companies, the media highlighted names such as UBS, Pictet, Manor, Implenia, KPMG or Mizuho.

The attack was claimed on June 11, 2025 by the ransomware group Worldleaks, which published the breach of Chain IQ's systems on its Tor-based leak website. It announced the theft of about 910 GB of data and more than 1.9 million files. The stolen information is related to the purchases of some customers who contract Chain IQ's services. The company itself claimed that the attackers managed to extract data containing business contact details of employees of selected customers, including the employees' phone numbers.

Following the release of the data, Chain IQ notified law enforcement authorities and began reviewing all of its systems, strengthening protective measures and cutting off the attackers' access to the affected environment. In fact, it also managed to restore software introduced by the attackers during the attack for further analysis. Chain IQ is working with InfoGuard and Kyndryl to maintain the security of its systems.