Cyber Incident Victim: Invest Bank
Date:
Dec 2015
Location:
United Arab Emirates
Summary
A cyber incident involving a UAE-based financial institution resulted in the unauthorized disclosure of sensitive customer data, including credit card numbers, passport scans, bank statements, and identity documents. The leaked information, comprising tens of thousands of records, was repackaged and redistributed online by a group claiming responsibility, though forensic analysis indicated the data originated from a prior breach following extortion attempts. The institution confirmed the material was not newly compromised but re-released existing stolen assets. Security researchers assessed the perpetrators likely sought notoriety by re-sharing historical data, with no evidence of fresh system intrusions linked to the latest disclosure.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 2 actors | Available to members | Available to members |
Description
In May 2016, a 10GB compressed file purportedly containing sensitive customer data from UAE-based InvestBank was leaked online. The dataset, uploaded by a group calling itself 'Bozkurt Hackers,' included folders labeled 'Account Master,' 'Customer Master,' and 'Branch Master' containing spreadsheets, PDFs, and images allegedly extracted from the bank's internal systems. Analysis by BankInfoSecurity and IBTimes UK revealed approximately 100,000 compromised credit card records (Visa and Mastercard) with visible expiration dates, though passwords and PINs appeared encrypted. The leak also contained over 3,000 bank statements bearing InvestBank watermarks, scans of passports, national ID cards, insurance documents, and employee passport data. A file titled 'Cards' listed nearly 20,000 card numbers, while folders labeled 'Investors' and 'land documents' held additional financial records. The data dump was linked via Twitter by Bozkurt Hackers on May 6, 2016, with a post claiming "Full DB and files from InvestBank UAE."
InvestBank confirmed the leaked data matched information stolen during a prior December 2015 breach, when hackers using the alias 'Buba' released 1.4GB of records after unsuccessful extortion attempts. The 2015 incident exposed financial records, transaction logs, and personal data of over 40,000 customers, primarily from 2015 or earlier. Bozkurt Hackers claimed responsibility for both the InvestBank and Qatar National Bank (QNB) breaches, though cybersecurity firm Intel 471 disputed this, citing evidence that QNB was compromised by Russian-speaking actors unrelated to the Turkey-linked group. Mark Arena, CEO of Intel 471, noted that Bozkurt Hackers likely repackaged existing breaches to gain notoriety. InvestBank's spokesperson stated no new breach occurred, characterizing the 2016 leak as a re-release of the 2015 dataset for unclear motives. Forensic analysis indicated the majority of exposed records predated 2016, with no evidence of fresh system intrusions coinciding with the Bozkurt Hackers' disclosure.