
Cyber Incident Victim: Dutch Bangla Bank

Date: May 2016

Location: Bangladesh

Summary

Dutch Bangla Bank was among several financial institutions compromised by the Turkish hacker group Bozkurtlar (Grey Wolves), resulting in the exposure of sensitive customer data including transaction records, login credentials, and personal contact information. The breaches, potentially facilitated by SQL injection vulnerabilities and tools such as Havij, involved varying scales of data leakage across multiple banks, with some incidents repurposing previously stolen information.


Description

In May 2016, the Turkish hacker group Bozkurtlar (Grey Wolves) claimed responsibility for breaching multiple international financial institutions, including Dutch Bangla Bank. The group initiated a series of data leaks targeting at least six banks, with Dutch Bangla Bank among the first five victims disclosed in early May. According to leaked information, the attackers exfiltrated 312 KB of data from Dutch Bangla Bank, which included sensitive customer information such as transaction records, login credentials, and contact details. This breach occurred alongside compromises at The City Bank, Trust Bank, Business Universal Development Bank, and Sanima Bank, with data volumes ranging from 96 KB to 251 MB per institution. Analysis by BankInfoSecurity suggested the attackers likely exploited SQL injection vulnerabilities across all targets, potentially using the Havij SQL injection tool, mirroring techniques observed in the group’s prior breach of Qatar National Bank.

The incident exposed Dutch Bangla Bank’s customers to risks of financial fraud and identity theft due to the sensitive nature of the leaked data. No public statements from Dutch Bangla Bank regarding breach confirmation, mitigation efforts, or customer notifications were documented in available sources at the time. The Grey Wolves subsequently leaked a second batch of data from Commercial Bank of Ceylon, totaling 6.97 GB and containing PHP files, financial reports, and server backups, demonstrating an escalation in attack severity. While Qatar National Bank acknowledged its breach and UAE’s InvestBank dismissed its leak as recycled data, the broader pattern highlighted systemic vulnerabilities in the banking sector’s cybersecurity defenses. The breaches collectively underscored the operational impact of SQL injection exploits and the challenges financial institutions faced in securing customer data against organized threat actors during this period.
