A notorious Russian hacking collective known as the Qilin ransomware gang is claiming responsibility for a significant attack on Habib Bank AG Zurich. The Swiss-based international bank was recently listed as the newest victim on the group’s dark net blog. Listing a victim this way is a common and aggressive tactic: it is the initial step in pressuring the victim to pay a ransom, with the attackers threatening to publicly release or sell the allegedly stolen data if their demands are not met.
The post on the Qilin blog, dated November 5th, brazenly claimed the successful theft of a staggering amount of data: over 2.5 terabytes and nearly two million individual files. To substantiate their serious claims, the gang released several screenshots of some of the files they purportedly exfiltrated.
Based on an analysis of the proof-of-theft samples, it appears the hackers managed to gain access to a considerable amount of highly sensitive customer data. The exfiltrated information reportedly includes critical details like passport numbers and current bank account balances. Even more concerning, the breach exposed bank account usage notifications, which detail customers’ payments, including the specific amounts and the locations where they used their accounts to pay for goods and services.
Beyond compromising client information, the Qilin gang also claimed to have stolen the source code for various internal tools used by the bank. Given the broad potential scope of this incident—affecting both customer privacy and the bank’s operational infrastructure—it is crucial for Habib Bank to act with extreme urgency. Researchers emphasize the need for the bank to rapidly identify every piece of affected data, inform all impacted customers, and conduct a full security audit of the stolen source code to check for potential vulnerabilities.
While the situation remains critical, Habib Bank AG Zurich has yet to issue a public statement or respond to clarification requests regarding the alleged attack. Established in 1967, the financial institution maintains a global operational footprint with locations spanning multiple countries across Europe, Africa, North America, and Asia, including the UK, the UAE, South Africa, and Canada. This wide-ranging presence highlights the potential international fallout and regulatory complexity of this alleged breach.