May 09, 2016

"A massive tranche of nearly 10GB of files alleged to be from Sharjah, UAE-based InvestBank appears to have been dumped online by the hacking group 'Bozkurtlar' - Turkish for 'Gray Wolves' - on May 7."

Bank Info Security: The zip archive released by the attackers appears to contain internal files and sensitive financial documents, including InvestBank customers' data. by Varun Haran

'The Bozkurtlar hacker or hacking group appears to have Turkish ties, and also claimed credit for a similar data dump on April 26, involving Doha-based Qatar National Bank. In that case, leaked customer data for QNB was quickly posted online by the Cryptome.org whistleblower site.

'Following the InvestBank data dump, Information Security Media Group has attempted to reach bank officials for comment, so far without success. But several experts ISMG has contacted are working on verifying the contents of the data dump. Based on their preliminary analysis, the data so far appears to be genuine. The data includes approximately 100,000 payment card numbers - for both MasterCard and Visa-branded cards - as well as bank statements for more than 3,300 InvestBank customers, ATM transaction records, extensive details relating to InvestBank's employees, plus property records, scans of identity documents and assorted other sensitive files. As of press time, the bank's internet banking link also remains offline.

'The data dump follows Bozkurtlar having announced on Twitter, following the QNB leak, that it would soon be releasing hacked data from another bank based in the Middle East. Early on May 6, India Standard Time, the group released the InvestBank data into the wild, and tagged Twitter handles for ISMG - amongst others - to announce the data dump.'

No comments: