Habib Bank AG Zurich Confirms Cyber Incident Amid Qilin Ransomware Allegations

Habib Bank AG Zurich, a Swiss financial institution, has confirmed it experienced a data security breach after the Qilin ransomware group claimed responsibility for infiltrating its internal network and exfiltrating over 2TB of sensitive information.

 

On November 5, the Qilin ransomware group announced that it had infiltrated the internal network of Zurich-based Habib Bank AG Zurich (HBZ), listing it as a victim of its cyber attack on the group’s data leak site. The group claimed to be in possession of 2.6 TB of data, comprising over 2 million files.

 

According to the hacker group’s post, the compromised database included internal documents, financial, and customer information, client emails, credit positions, KYC records, deposits, transaction details, blacklist databases, employee information and more.

 

In a statement published on its website, HBZ confirmed that it had experienced a data security incident, but did not validate the claims made by the threat actors.

 

“We experienced unauthorised external access to our corporate network. Our banking services remain unaffected, fully operational and available to all our customers. To date, no persistent access has been identified,” HBZ said.

 

“Our team is working around the clock – supported by cybersecurity and forensic experts – to further assess and mitigate the impact of this incident. As part of our ongoing investigation, we are looking into the extent to which data has been exposed. In the meantime, all relevant regulatory authorities have been duly notified,” the bank added.

 

Russian-speaking cybercriminal syndicate, the Qilin ransomware group is known for ransomware-as-a-service (RaaS) operations. Originally launched as "Agenda" in August 2022, it was rebranded as Qilin in 2023. The group targets a wide range of sectors globally, including healthcare, automotive, media, and public services, often stealing large volumes of sensitive data and demanding ransom payments.

 

Notable incidents attributed to Qilin in the recent past include a cyber attack on Yanfeng Automotive Interiors, a major Chinese automotive parts supplier, disrupting production for automakers like Stellantis, GM, Volkswagen, and more.