Ransomware group Worldleaks has hacked Swiss firm Chain IQ and announced the theft of 910 GB of data, including from UBS, Pictet and others. This is one of the largest corporate information leaks of 2025.
On June 12, 2025, the corporate procurement firm Chain IQ fell victim to a coordinated cyberattack. Along with it, 19 other organizations around the world were affected. After 8 hours and 45 minutes, the incident was localized, but by that time the attackers had already managed to steal data containing contact information of clients’ employees, including phone numbers. The client banking data itself, according to the company, remained intact.
The attack was carried out by the Worldleaks group, which on June 11 published more than 1.9 million files totaling 910 GB on the darknet. Among the victims are financial giants UBS and Pictet, as well as Manor and Implenia corporations.
Chain IQ is a global provider of strategic procurement services headquartered in Zug, Switzerland. While the firm claims that banking data was not affected, the threat of contact information being used in phishing or BEC attacks remains. According to Neovera experts, third-party suppliers such as Chain IQ are increasingly becoming the weak link in the cybersecurity defenses of large companies.
This attack highlights the critical vulnerability of supply chains and the need to verify the security of not only their own systems, but also those of their counterparties. Even in the absence of a direct leak of customer data, the attack carries long-term risks – both reputational and operational.
