Cyber Incident Victim: Valartis Bank
Date:
Nov 2016
Location:
Liechtenstein
Summary
A Liechtenstein-based financial institution experienced a cyber intrusion resulting in the theft of customer account data, which was subsequently leveraged for extortion. Unknown threat actors demanded 10% of victims' account balances in Bitcoin, threatening to disclose sensitive financial details to tax authorities and media outlets if payments were not made. Targeted clients included German nationals, politicians, actors, and high-net-worth individuals. The attackers exploited the compromised banking systems to access confidential customer information. The institution, majority-owned by a Hong Kong-based conglomerate, did not publicly respond to inquiries regarding the breach or extortion campaign at the time of reporting.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In late November 2016, Valartis Bank Liechtenstein became the target of a cyberattack involving data theft and extortion against its clientele. Unknown hackers breached the bank's systems and obtained sensitive customer account information, including details of many German account holders. The attackers subsequently contacted affected customers directly, demanding payments equivalent to 10% of their account balances in Bitcoin cryptocurrency to prevent public exposure of their financial data. The blackmailers threatened to send account details to tax authorities and media outlets if payments were not made, leveraging the potential for regulatory scrutiny and reputational damage against high-profile clients. According to Bild am Sonntag newspaper reports from November 27, 2016, the bank's client roster included politicians, actors, and other high-net-worth individuals who maintained accounts in the Liechtenstein-based institution. The attackers specifically exploited Bitcoin's anonymity features to obscure payment trails, reflecting deliberate operational security measures in their extortion scheme.
The incident occurred after Valartis Group, the Swiss-listed parent company, sold a majority stake in the Liechtenstein bank earlier in 2016 to Hong Kong-based Citychamp Watch & Jewellery Group, chaired by Hon Kwok Lung. Neither Valartis Bank Liechtenstein director Andreas Insam nor Citychamp representatives responded to Reuters' inquiries regarding the breach when contacted via phone and email on November 27. Valartis Group similarly did not provide comment on the incident when reached by email. The bank's operational status during the attack remained unclear from available reports, with no disclosed details about system vulnerabilities exploited, containment measures implemented, or forensic investigations conducted. Public reporting indicated the breach primarily impacted customer data confidentiality rather than disrupting banking operations, though the blackmail campaign created direct financial coercion risks for affected clients through threatened regulatory exposure and privacy violations.