Speaking out about a massive data leak that affected hundreds of thousands of its customers, Qatar National Bank has said it’s taken steps to secure its systems after detecting “abnormal activity.”
In a statement today, the bank confirmed that an attack took place that targeted a portion of its Qatar-based customers.
However, it added that its clients were not the target of the hack:
“While some of the data recently released in the public domain may be accurate, much of it was constructed and contains a mixture of information from the attack as well as other non-QNB sources, such as personal data from social media channels.
We believe the nature of this incident is fundamentally an attempted attack on QNB Group’s reputation and not specifically targeted at our customers.”
Hacked
Last week, the personal and banking details of up to 400,000 individuals and companies were uploaded to several file-sharing websites in what one expert called Qatar’s largest data leak.
The information included mobile phone numbers, details of international bank transactions, online passwords and credit cards numbers, many from QNB customers.
This is the first time that the bank has commented about the issue since Tuesday, when it said it was investigating.
This afternoon, QNB assured customers again that the leak had no financial impact, though many have reported getting alerts that others tried to access their accounts.
QNB also reiterated advice that cyber security experts gave shortly after the attack, telling customers to frequently change their online passwords and usernames.
“We are taking every measure to protect the privacy of our customers and have engaged an external third party expert to review all our systems to ensure no vulnerabilities exist,” the bank said, concluding:
“We deeply regret any inconvenience this may have caused to our customers. We at QNB Group place the highest priority on data security and deploy the strongest measures possible to ensure we maintain your trust and the integrity of your information.”
To see if you were affected by the hack without downloading the massive file, a former Qatar-based computer scientist has launched a tool that allows you to do an encrypted search of your email or Qatar ID.
The secure site, which also described the scope of the attack, now appears to be blocked by Ooredoo, but accessible via VPN.
Thoughts?