Hack Indicates The Qatar National Bank Tracks “Spies”

Hundreds of thousands of customers' banking information is now visible, too.

Apr 27, 2016 at 5:39 PM ET

One of the biggest banks in the Middle East has been hit with what appears to be a massive hack, exposing the data of at least hundreds of thousands of customers—including some it labeled “spies.”

A 1.4 GB file of information from the Qatar National Bank, obtained by Vocativ, has been widely shared online at least as early as Monday. It is unclear what party is responsible for the hack or leak of the dump. The bank has so far refused to admit it was hacked, and its most recent statement, on Tuesday, dismissed to reports as “social media speculation,” though it promised an investigation. There’s little doubt that at least some of the information in that data dump is real, however: Multiple former QNB customers have confirmed to Vocativ and other news outlets that their personal banking information in those files is accurate. At least some of the information appears to be for older, closed bank accounts and it’s not possible to determine how current the remaining information is. 

Customers are exposed in multiple ways in the dump. One database contains the names and bank account numbers of 893,509 people. Another identifies the name, gender, phone number, language preference, mailing address, email address, nationality, number of children, passport information, birthplace and nationality of 465,304 customers. A third tracks the online banking activity, including last login, how many times they’d unsuccessfully tried to log in, last IP address used to log in and password recovery question of 110,443 customers.

Perhaps the strangest information in the dump, however, is a collection of files of users labelled “SPY, Intelligence.” One of those files is a database of 105 names in a database, many of whom are listed as working at places like Qatar’s Internal Security Force. It also contains, however, .txt files that seem to identify foreign workers in the country, without much evidence they are actually spies.

“A spy? I was working in Qatar for a special project with the Qatar Foundation,” a French national identified in the “SPY” folder told Vocativ via the email address listed in his file. “I’m a former teacher who joined the French [Ministry of Defense] as a civilian for administration.” He said the information listed belongs to accounts he has not used for years. 

Another “spy” file labels the author of a book about worldwide military affairs as a member of the MI6, the U.K’s Secret Intelligence Service, then proceeds to list links to several social media accounts associated with him, including Facebook profiles for his wife and several of his friends. His file also includes photos of him and his wife, taken from their Facebook accounts, as well as credit card numbers and expiration dates for cards held by both of them. 

Another “spy” is an American engineer identified in the dump by his LinkedIn profile. According to that profile, he spent three and a half years creating an aircraft maintenance program for the Qatar Air Force.

QNB did not respond to Vocativ’s question of whether it labels certain customers “spies” or why it might do so. On its website, it touts Global Finance Magazine’s 2013 decision to name it one of the 50 safest banks in the world.