Home / The Long Read / Threat Intelligence
Threat IntelligenceLong Read

UBS and DSM-Firmenich hit by employee data theft in major cyberattack

UBS and DSM-Firmenich data breach exposes 7.9M employees. Learn how proactive vendor risk management can prevent third-party vulnerabilities.

Article contents
  1. How did the breach happen?
  2. What was leaked?
  3. Global impact of the attack
  4. How companies can protect themselves
UBS and DSM-Firmenich hit by employee data theft in major cyberattack
TL;DR

UBS and DSM-Firmenich data breach exposes 7.9M employees. Learn how proactive vendor risk management can prevent third-party vulnerabilities.

In another alarming incident of cybercrime, UBS and DSM-Firmenich have confirmed that sensitive employee data was stolen due to a breach involving their IT service provider. According to Swiss newspaper Le Temps, this breach was part of a larger cyberattack affecting 27 multinational companies, including Amazon, McDonald’s, Lenovo, HSBC, and Delta, with 7.9 million employees impacted globally.

How did the breach happen?

The cyberattack originated from vulnerabilities in the MOVEit software, a widely used data transfer tool provided by Progress Software. The software had known issues since last year, which cybercriminals exploited to gain unauthorized access to sensitive information. MOVEit’s vulnerabilities have now left a staggering trail of breached data, including the personal information of 20,462 UBS employees and 13,248 employees at DSM-Firmenich.

What was leaked?

DSM-Firmenich confirmed that the leaked data primarily involved employees from its former Firmenich division. The information included first and last names, outdated meeting room names, and defunct email addresses. Thankfully, no client or financial data was affected. In response, DSM-Firmenich assured the public that it has reinforced its data security measures.

For UBS, Le Temps reports that data on over 20,000 employees appeared on the darknet. However, UBS declined to comment further on the incident.

Global impact of the attack

This breach highlights the far-reaching consequences of third-party vulnerabilities. With 27 major companies and millions of employees affected, the MOVEit vulnerability underscores how a single software issue can cascade into a global cybersecurity crisis.

These incidents reiterate the importance of proactive vendor risk management. Companies can no longer afford to rely solely on their internal security but must also monitor and audit their IT service providers. Solutions like Supplier Shield enable businesses to identify and address third-party risks before they lead to significant breaches.

How companies can protect themselves

This incident serves as a critical reminder for businesses to proactively address third-party risks. Many breaches, like the one involving MOVEit, stem from vulnerabilities in external vendors’ systems. Companies can safeguard their operations by conducting regular audits, monitoring vendor security practices, and responding quickly to detected vulnerabilities.

Supplier Shield helps businesses achieve this by providing comprehensive third-party risk management solutions. Through continuous monitoring of vendor systems, early detection of vulnerabilities, and actionable insights, Supplier Shield enables companies to identify risks before they escalate. By partnering with solutions like this, organizations can strengthen their supply chain defenses and reduce the likelihood of being impacted by similar breaches.

What to do next

Want this applied to your supplier ecosystem? See the platform in action and map your top vendor risks live in one walkthrough.

Related solutions
How Supplier Shield worksCompare alternatives

Read next

KDDI email breach: how one shared email platform exposed up to 14.2 million logins across six ISPs

KDDI email breach: how one shared email platform exposed up to 14.2 million logins across six ISPs

One email platform run by KDDI exposed the logins of up to 14.2 million customers across six Japanese internet providers. The lesson for third-party risk teams is concentration and fourth-party risk: many brands on one shared supplier system, breached through a third-party software flaw.

Read article
iRhythm breach: how patient data left through third-party-hosted business apps

iRhythm breach: how patient data left through third-party-hosted business apps

Cardiac-monitoring firm iRhythm says attackers took patient health data, proprietary data and personal information from third-party-hosted business applications, not from its clinical systems. For third-party risk teams the lesson is that regulated data often lives with a vendor, and that is where it leaves.

Read article
Klue OAuth breach: how one connected app exposed CRM data at Huntress, Jamf and other customers

Klue OAuth breach: how one connected app exposed CRM data at Huntress, Jamf and other customers

The Icarus extortion group stole the OAuth tokens Klue held for its customers and used them to take data from those customers' own Salesforce and Gong accounts. For third-party risk teams the lesson is fourth-party risk: a connected SaaS app can turn a supplier's breach into your data loss.

Read article