With reporting from Riham Sheble
Change your bank passwords and PIN numbers, and request new cards from Qatar National Bank (QNB) immediately. That’s just some of the advice security experts are giving customers after a massive data leak came to light this week.
The data included the financial and personal information of thousands people, many of them QNB customers, and is being spread widely on social media and file-sharing websites.
Cyber security experts said as many as 400,000 customers could be affected, in what is being called one of Qatar’s biggest data breaches.
The bank said it is investigating, but has not yet published any instructions for customers or offered any new updates today after news of the leak broke yesterday.
It is unclear who is behind the leak, or their motivations for hacking.
Not all customers were affected by the data breach, and the amount of information released in each record varies.
Since yesterday, several customers have reported attempts to break into their bank accounts, although these appear to have been blocked before any transfers took place.
Others have said there have been attempts to access and even alter their social media accounts.
Advice to customers
A Qatar-based computer security expert, who asked to remain anonymous, described the hack as a “very serious breach.”
He advised all QNB customers – not only those whose details have been published – to take the following steps:
- Change their QNB online password;
- Change the PINs on all their debit and credit cards;
- Ask QNB for replacements of all their cards, with new numbers; and
- Contact your international bank, if you’re a customer who uses QNB for foreign remittances. For US banks, for example, accounts should be closed and new accounts opened instead.
Lack of information
More than 24 hours after the data breach became public, QNB has not answered questions from Doha News on what actions customers should take to protect themselves and many customers say they have yet to be contacted by the bank.
Online, it has continued to respond to questions by pointing to yesterday’s statement that said it does not comment on “social media speculation,” even though the confidential information about thousands of its customers is online for anyone to access.
Some people bristled at the lack of information:
Not great that the leak happened, and @QNBGroup‘s post-leak response has been even more disappointing #QNBHack
— Kamil Choudhury (@kchoudhu) April 27, 2016
لازم يقولون عادية،لكن من تحليلي مصيبة بكل بساطة،ليس فقط الحسابات والأسماء وكل شي،بل حتى تحليل لكل حساب من حسابات تويتر..?@x5X007 @QNBGroup
— ياسر العصيفير (@alosefer) April 27, 2016
Translation: Of course they’ll say the data is ordinary and not important. But in my opinion, simply this is disastrous. It’s not just the bank accounts and names and everything else, but also analysis to each Twitter account.
@QNBGroup السلام عليكم, من بعد ما سمعنا ان الاختراق حدث, كيف يمكنني التأكد ان اسمي غير موجود في الملفات المنشورة؟ يرجى المساعدة و شكرا
— ▌║▌║ ѕнαмσν ║▌║▌ (@sham0v) April 27, 2016
Translation: After hearing about the hacking that took place, how can I be sure that my name is not one of those that has been published in the leaked files? Please help me. Thank you.
Others, however, said they were happy with the bank’s response that it was investigating the matter.
Thank you @QNBGroup. We totally trust you to protect our personal data and finances!
— Plateful (@nashplateful) April 27, 2016
In terms of the information leaked, mobile phone numbers, credit card numbers, records of international bank transfers, bank account numbers, passwords, mobile phone pins and email addresses were published.
Thousands of customers have also had their online login details, including user name, security questions and answers as well as password published.
Details about remittances to international bank accounts, including the routing number and account numbers are also available on the leaked files.
For many residents, there are also files noting social media accounts and details of their friends and family.
Some individuals have their files in a folder marked as “SPY,” which has some concerned that the leak could affect their ability to travel to some countries.
The information featured in the leak is still being verified. Many of those contacted by Doha News confirmed their hacked information was accurate, however at least one Al Jazeera staffer said he was not a QNB customer.
Others have said some of the data is outdated.
Have you been affected by the leak? Thoughts?