Cyber Incident Victim: Al-Qard Al-Hassan

On December 30, 2020, a hacker group breached the systems of Al-Qard Al-Hassan, a financial institution affiliated with Hezbollah, and publicly leaked sensitive internal data. The attackers disclosed client lists detailing individuals and entities associated with the organization, alongside comprehensive financial records including its annual budget. This unauthorized release occurred through the hackers’ own website, directly exposing operational and transactional details of the Lebanon-based organization. The breach compromised the confidentiality of Al-Qard Al-Hassan’s financial operations and client relationships, potentially jeopardizing individuals linked to the institution. No technical details regarding the attack vector, duration of system compromise, or data exfiltration methods were disclosed in available reporting.

The leak provided unprecedented public visibility into the financial scale and network of an organization designated by the US Treasury as a Hezbollah-controlled entity involved in banking activities. Exposure of client identities risked reputational damage, operational security breaches, and potential sanctions-related consequences for listed individuals or businesses. Publication of the annual budget offered insights into the institution’s revenue streams and expenditure patterns, potentially enabling adversarial financial analysis. The incident represented a significant operational security failure for an organization accustomed to maintaining financial opacity. No public statements from Al-Qard Al-Hassan or Hezbollah regarding incident response, forensic investigations, or containment measures were reported at the time.