Qatar National Bank, the gas-rich Gulf state’s leading lender, has been rocked by a data leak that has exposed the personal details of many of its clients in a file posted on social media that singles out some Al Jazeera staff and purports to identify security officials.
The leak contains references to thousands of alleged transactions records of QNB customers, including remittance data to global banks with thousands of alleged beneficiary names and account numbers.
The 1.4GB leaked file includes the names and passwords of thousands of QNB customers. Subfolders within the leaked data file individual details into folders including staff at Al Jazeera, members of Qatar’s ruling al-Thani family, and intelligence and defence officials.
One former QNB customer mentioned in the file, who has since left the country and declined to be identified, confirmed to the Financial Times that his details posted online were accurate.
Another folder titled “Al-Qaradawi” contains the details of Yousuf Abdullah al-Qaradawi, the same name as the controversial spiritual leader of the pan-Arab Muslim Brotherhood, whose longstanding presence in Qatar has been a source of consternation to some of Doha’s neighbours, especially Egypt and the United Arab Emirates.
One folder, marked “Spy, Intelligence” refers to individuals and internal Qatari security agencies. One file identifies a British customer as “MI6,” an apparent reference to the UK’s overseas intelligence service.
Some of those identified as “spies” are French, British and US nationals based in Qatar. The hacker has compiled more comprehensive data on some targets, including social media profiles.
Simon Edwards, a cyber security expert with security software company Trend Micro, suggested this points to a campaign to target these so-called “spies” with phishing and other cyber attacks.
The hacker breached QNB’s online defences as far back as July 2015, according to Mr Edwards.
“This is the work of a hacker — we can see the log file of the secret insertion tool he used,” said Mr Edwards. “They have been in there since July, pulling data out of the data base and then worked within the environment and profiling a lot of the customers.”
The focus of the infiltration appears to have been logging transactional data, rather than stealing money, he added. The hacker was profiling the data on the bank’s computers, rather than using a different machine.
“He was not after financial data per se or just stealing, the aim was to look for something specific, trying to put together foreign transactions, or trying to find movement of money to foreign agencies,” he said. “This has the hallmarks of someone in Qatar trying to find dodgy transactions or someone trying to expose something in Qatar.”
Security experts said the bank’s online defences were using vulnerable software that appear to have been breached by fairly common infiltration methods.
State-controlled QNB has said it is investigating the matter, which it referred to as “social media speculation in regard to an alleged data breach”. QNB said it did not comment on reports circulated via social media but assured “all concerned that there is no financial impact on our clients or the bank”.
“QNB Group places the highest priority on data security and deploying the strongest measures possible to ensure the integrity of our customers’ information,” it added.
Rising tensions in the Middle East, pitting Shia Iran against Sunni Saudi in proxy battles from Syria to Yemen, have spilled over into cyber space.
While the Gulf states have become more aware of cyber threats since an Iranian cyber attack on Saudi national oil group Saudi Aramco in 2012, security consultants say defence measures need to be improved.
A KPMG cyber security survey in the UAE last year found that companies under attack take up to a month to recover, while only half of the respondents had contingency arrangements in place for a cyber attack.
Get alerts on Qatar National Bank SAQ when a new story is published