The bank, however, said the hack would have no financial impact on customers Credit: REUTERS/Fadi Al-Assaad Qatar National Bank has admitted that its systems were hacked but said that the information released online was a combination of data picked up from the attack and from other sources such as social media.The incident would not have a financial impact on the bank’s customers whose accounts are secure the bank said, without providing details of how its systems were hacked, the possible identity of the hackers, and what information was harvested.The announcement Sunday by one of the leading financial institution in the Middle East follows the posting online last week of leaked documents. The attack only targeted a portion of Qatar-based customers, the bank said, claiming the hack attempted to target the bank’s reputation rather than specifically its customers.“QNB Group’s Risk Team monitored abnormal activity in our system environment, this was immediately communicated to relevant authorities,” the bank said in a statement. “We also took immediate steps and our systems are fully secure and operational.” The 1.4GB trove of documents leaked online included both financial information such as customer transaction logs, personal identification numbers and credit card data, but on closer scrutiny was found to have folders with detailed profiles on specific individuals, including what appeared to be files on members of the Qatari royal family, employees of media outlet Al Jazeera, and people listed as working for the British MI6 and some other intelligence agencies, security firm Trend Micro said on Wednesday.The attackers used an open source SQL injection tool to extract all of the customer data they needed, wrote Simon Edwards, cyber security expert at Trend Micro. SQL injection is used against against websites which use SQL (structured query language) to query information from the database server. The log file suggests that the attack could have started about nine months ago in July last year, Edwards said.QNB said Tuesday that it would not comment on reports in social media of “an alleged data breach,” but sought to assure all concerned that there was no financial impact on the bank or its clients.A Turkish far-right group, called Bozkurtlar for Grey Wolves, has claimed responsibility for the bank breach, wrote security researcher Omar Benbouazza. The hack could be linked to the Syrian conflict, he added.The group has uploaded a video online, claiming its role in the hack. The bank made a big mistake using known vulnerable software in the targeted host, said Benbouazza, who also believes that the attackers used an SQL injection. Related content feature Top cybersecurity M&A deals for 2023 Fears of recession, rising interest rates, mass tech layoffs, and conservative spending trends are likely to make dealmakers cautious, but an ever-increasing need to defend against bigger and faster attacks will likely keep M&A activity steady in By CSO Staff Sep 22, 2023 24 mins Mergers and Acquisitions Mergers and Acquisitions Mergers and Acquisitions brandpost Unmasking ransomware threat clusters: Why it matters to defenders Similar patterns of behavior among ransomware treat groups can help security teams better understand and prepare for attacks By Joan Goodchild Sep 21, 2023 3 mins Cybercrime news analysis China’s offensive cyber operations support “soft power” agenda in Africa Researchers track Chinese cyber espionage intrusions targeting African industrial sectors. By Michael Hill Sep 21, 2023 5 mins Advanced Persistent Threats Cyberattacks Critical Infrastructure brandpost Proactive OT security requires visibility + prevention You cannot protect your operation by simply watching and waiting. It is essential to have a defense-in-depth approach. By Austen Byers Sep 21, 2023 4 mins Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe