By Tom Finn
DOHA, April 28 – Qatar National Bank, the largest lender in the Middle East and Africa by assets, is investigating an alleged security breach of data posted online this week that revealed the names and passwords of a large number of customers.
A 1.5 GB trove of leaked documents includes the bank details, telephone numbers and dates of birth of several journalists for satellite broadcaster Al-Jazeera, supposed members of the ruling Al Thani family and government and defense officials, Doha News website reported.
Some files had pictures of account holders from Facebook and LinkedIn, according to the report on the anonymously leaked files.
QNB said it was investigating “social media speculation in regard to an alleged data breach” and would not comment on reports circulated via social media.
But it assured “all concerned that there is no financial impact on our clients or the bank.”
A copy of the leaked content seen by Reuters contained transaction data of QNB customers that showed overseas remittance data from as recently as August 2015.
One file contained information on what appeared to be 465,437 QNB accounts, although only a fraction of these accounts had anything resembling full account details.
There is no way to verify the authenticity of the vast trove of information. However, several known Qatari figures in the government and media whose names appeared on the list confirmed that their account details were accurate to Reuters.
“I’ve been thinking about moving my deposits out of Qatar for a while and will definitely advance this more quickly now,” said an expatriate banking official. “If others get the same idea, then this could be painful for the bank”.
The alleged leak had little impact on QNB’s share prices which dipped initially on Tuesday by about 1 percent but remained flat on Wednesday.
QNB is one of the largest banks in the Middle East. Earlier this month, it reported a seven per cent first quarter increase in profits to almost USD 800 million, despite the impact of low global oil prices.
Middle Eastern banks are attractive targets for cyber criminals because of the high levels of wealth in a region that has flourished in recent years due to buoyant hydrocarbon prices. Qatar is the richest country in the world on a per-capita basis, according to the World Bank.
The last major reported cyber attacks in the Gulf region was in 2013, when Oman’s Bank Muscat and National Bank of Ras Al Khaimah in the United Arab Emirates had $45 million stolen by hackers who targeted details of pre-paid debit cards held by a third-party services company.
In other high-profile bank record thefts, cyber criminals typically attempt to cash in quickly by re-selling the data through secretive online criminal marketplaces, the biggest of which are said to operate out of Eastern Europe.
In these marketplaces, anonymous sellers can auction off bundles of personal financial information such as credit cards, bank accounts or home addresses to the highest bidder.