Qatar National Bank data breach
A 1.4 GB archive of internal files, customer account records, and nearly one million payment card numbers stored in clear text was leaked online, including dossiers on Qatar's Al Thani royal family, Al Jazeera staff, and apparent intelligence targets.
- Victim
- Qatar National Bank (QNB)
- records
- 100.0K
- users
- 100.0K
On 26 April 2016, a 1.4 GB archive containing internal documents and customer records from Qatar National Bank (QNB) — the largest financial institution in Qatar and one of the biggest in the Middle East — was posted publicly to the document-sharing site Cryptome. The leak exposed the banking details of hundreds of thousands of customers and, more strikingly, what appeared to be intelligence dossiers compiled on prominent individuals.
What happened
The dump comprised 15,460 files and detailed more than 100,000 accounts. Security researchers analysing the contents concluded the attackers had exploited a SQL injection vulnerability in QNB's internet-banking application, from which they pivoted toward the bank's payment switch and potentially core banking systems.
Crucially, the most sensitive data — including passwords, PINs, and nearly one million payment card numbers with expiration dates and cardholder details — was stored in clear text, allowing anyone who downloaded the archive to read it directly.
What was exposed
- Customer names, addresses, phone numbers, account balances, and transaction histories.
- Nearly 1,000,000 payment card numbers with expiry dates and security details, unencrypted.
- Internal corporate files on QNB's retail business and banking application, including administrator-level access details.
- Folders labelled "Spy" containing apparent intelligence dossiers, with files tagged "MI6," Qatar's state security bureau (Mukhabarat), and French and Polish intelligence services.
- Dossiers naming members of Qatar's ruling Al Thani royal family and staff of the broadcaster Al Jazeera.
Attribution
A Turkish far-right group calling itself Bozkurtlar (Grey Wolves) claimed responsibility via a video and Twitter account, also asserting it had breached a second, unnamed bank with records dating back to 2001. The group's motivations were never conclusively established, and no arrests were publicly reported.
QNB's response
QNB confirmed it was investigating "in coordination with all concerned parties" but moved quickly to downplay the impact, claiming much of the leaked material "was constructed and contains a mixture of information from the attack as well as other non-QNB sources." Independent researchers disputed this, noting that leaked credentials remained functional and that the structured, internally consistent data was difficult to fabricate at scale.
Why it matters
The QNB breach is a textbook example of basic security hygiene failures at a flagship national bank: an exploitable web-application flaw, sensitive financial data stored without encryption, and 1.4 GB exfiltrated without detection. The presence of intelligence-style dossiers also turned a financial breach into a national-security embarrassment, foreshadowing the geopolitical cyber tensions that would erupt around Qatar the following year.
Timeline
Forensic timestamps in the leaked archive suggest the underlying data was captured around mid-2015.
A group calling itself Bozkurtlar (Grey Wolves) circulates a video on Twitter claiming to have breached QNB and a second bank.
A 1.4 GB archive of 15,460 files is posted publicly to the document-sharing site Cryptome.
QNB confirms it is investigating, stating it will take action against parties responsible for any harm.
QNB downplays the damage, claiming much of the leaked data was 'constructed' from a mixture of QNB and non-QNB sources.
Sources
- bankinfosecurity.comhttps://www.bankinfosecurity.com/qatar-national-bank-suffers-massive-breach-a-9068
- bankinfosecurity.comhttps://www.bankinfosecurity.com/qnb-confirms-leak-downplays-damage-a-9082
- aljazeera.comhttps://www.aljazeera.com/news/2016/4/26/qnb-bank-investigates-reports-of-massive-data-leak
- haveibeenpwned.comhttps://haveibeenpwned.com/Breach/QatarNationalBank