Yazılar

UBS and Pictet Report Data Leak Following Cyber Attack on Service Provider; Client Data Safe

/in /tarafından

Swiss banks UBS and Pictet disclosed on Wednesday that they were affected by a data leak caused by a cyber attack on their Swiss-based service provider, Chain IQ. Despite the breach, neither bank reported any compromise of client information.

According to Swiss newspaper Le Temps, tens of thousands of UBS employees’ data, including contact details and a direct internal line to UBS CEO Sergio Ermotti, were stolen. Chain IQ, headquartered in Baar, provides services to major firms including KPMG and Mizuho.

UBS confirmed that the incident involved stolen information related to the bank and other companies, emphasizing that no client data was affected. The bank said it responded quickly to mitigate operational impacts.

Chain IQ revealed that the cyber attack targeted it and 19 other companies, with some data published on the darknet. The firm stated that countermeasures were immediately implemented to contain the situation but declined to comment on ransom demands or communications with attackers due to ongoing investigations.

KPMG, listed as a Chain IQ client, said its infrastructure remained unaffected but enhanced its security protocols in response to the breach.

Pictet reported that only invoice-related information involving some of its suppliers, such as technology providers and consultants, was stolen. The private bank reassured that client data remained secure and stressed the importance of strict controls to prevent unauthorized access.

Swiss financial regulator Finma is overseeing the case according to standard procedures.

Cybersecurity expert Ilia Kolochenko of ImmuniWeb warned that breaches at third-party vendors pose a significant risk even to top financial institutions, potentially affecting the long-term trust in Swiss banking.

Ransomware Gang Lockbit Reportedly Hacked in Embarrassing Leak

/in /tarafından

In an ironic twist, Lockbitone of the world’s most notorious ransomware gangs — appears to have fallen victim to a cyberattack of its own, according to security analysts and a rogue message posted on one of the group’s darkweb sites.

On Wednesday, Lockbit’s site was replaced with a taunting message that read:

Don’t do crime. CRIME IS BAD xoxo from Prague
The site also included a link to what appears to be a leaked cache of internal data, potentially containing chats between Lockbit members and their victims.

While Reuters has not independently verified the data, multiple cybersecurity experts have assessed the leak and confirmed its authenticity.

It’s legit,” said Jon DiMaggio, chief security strategist at Analyst1.
Christiaan Beek of Rapid7 noted the leak revealed Lockbit’s indiscriminate targeting — even aggressively pursuing small businesses for minor ransom payouts.
They attack everyone,” he added.

Who hacked Lockbit remains unclear, and some of the group’s associated darkweb infrastructure is currently down, with placeholder messages stating sites will be “working soon.” However, the damage may already be done.

This is not the first time Lockbit has faced disruption. In 2023, U.K. and U.S. authorities, alongside international partners, seized parts of the gang’s infrastructure. At the time, Lockbit quickly resurfaced and defiantly declared,

I cannot be stopped.”
But this latest incident appears more personal — and humiliating.

DiMaggio described the breach as a significant blow to the gang’s operations and credibility:

I think it will hurt them and slow them down.”

Lockbit, once dubbed “the Walmart of ransomwaredue to its prolific activity and reach, now faces a potentially destabilizing turn of events — and an unexpected reminder that even cybercriminals aren’t immune to being hacked.