Global banking giant UBS has suffered a data breach following a cyber-attack on a third-party supplier.

In a statement emailed to Infosecurity, a UBS spokesperson confirmed a breach had occurred, but it had not impacted customer data or operations.

“A cyber-attack at an external supplier has led to information about UBS and several other companies being stolen. No client data has been affected. As soon as UBS became aware of the incident, it took swift and decisive action to avoid any impact on its operations,” the UBS statement read.

Swiss-based newspaper Le Temps reported that information about 130,000 UBS employees had been published on the dark web by a ransomware group called World Leaks, previously known as Hunters International, following the incident.

This data includes business contact details, including phone number, their job role and details of their location and floor they work on.

The direct phone number of UBS CEO Sergio Ermotti was reportedly included in the published data.

UBS also confirmed to Infosecurity that the external supplier at the center of the incident was procurement service provider Swiss-based Chain IQ.

Another Chain IQ client, Swiss private bank Pictet, also revealed it had suffered a data breach as a result of the attack. Pictet said in statement published by Reuters that the information stolen did not contain its client data and was limited to invoice information with some of the bank's suppliers, such as technology providers and external consultants.

At the time of writing, it is not known whether any other Chain IQ customers have been impacted.

A cyberattack on the Zug-based procurement service provider Chain IQ apparently has far-reaching consequences for UBS: data from 130,000 employees, including the direct number of CEO Sergio Ermotti, is said to have ended up on the darknet.