Habib Bank AG Zurich confirmed unauthorized external access to its corporate network. The **Qilin ransomware gang** claimed responsibility, saying it had stolen **2.56 TB of data**, and listed the bank on its leak site on **November 5, 2025**. The bank stated that **banking services remained operational** and that no persistent access was detected, but the extent of data exposure is still under investigation. Qilin, a Russia-based **ransomware-as-a-service (RaaS)** group, typically infiltrates victims via **phishing emails** and has a history of targeting financial institutions. The bank has not verified Qilin’s theft claims, nor disclosed whether a ransom was paid. With **8,000 employees** and **500+ global offices**, the bank faces significant risks from the breach, including potential **financial fraud, reputational damage, and regulatory scrutiny**. The incident aligns with Qilin’s 2025 rampage, which included **31 confirmed attacks on financial firms**, some stemming from a supply-chain breach via a South Korean IT provider. The bank is conducting a forensic investigation with cybersecurity experts to assess the impact and mitigate further risks.
Habib Bank AG Zurich cybersecurity rating report: https://www.rankiteo.com/company/habib-bank-ag-zurich
"id": "hab5402254111225",
"linkid": "habib-bank-ag-zurich",
"type": "Ransomware",
"date": "11/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'industry': 'Financial Services',
'location': 'Zurich, Switzerland',
'name': 'Habib Bank AG Zurich',
'size': '~8,000 employees, 500+ offices worldwide',
'type': 'Private Bank'}],
'attack_vector': "Phishing Emails (likely, based on Qilin's typical methods)",
'customer_advisories': 'Banking services remain unaffected and fully '
'operational',
'data_breach': {'data_exfiltration': '2.56 TB (claimed by Qilin, unverified)'},
'date_publicly_disclosed': '2025-11-05',
'description': 'Habib Bank AG Zurich disclosed unauthorized external access '
'to its corporate network on November 5, 2025. The Qilin '
'ransomware gang claimed responsibility, stating it stole 2.56 '
'TB of data and listed the bank on its data leak site. The '
'bank confirmed no persistent access was identified, and '
'banking services remained operational. The investigation is '
'ongoing to assess the extent of data exposure, with support '
'from cybersecurity and forensic experts. The bank has not '
'verified Qilin’s claim regarding the stolen data or ransom '
'demands.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'public disclosure of unauthorized '
'access and ransomware claim',
'data_compromised': '2.56 TB (claimed by Qilin, unverified by the '
'bank)',
'downtime': 'None (banking services remained fully operational)',
'identity_theft_risk': 'Potential (if data was exfiltrated as '
'claimed)',
'operational_impact': 'Ongoing investigation; cybersecurity and '
'forensic experts engaged'},
'initial_access_broker': {'backdoors_established': 'None identified (as per '
'bank’s statement)'},
'investigation_status': 'Ongoing (supported by cybersecurity and forensic '
'experts)',
'motivation': ['Financial Gain', 'Data Theft'],
'ransomware': {'data_exfiltration': '2.56 TB (claimed)',
'ransomware_strain': 'Qilin'},
'references': [{'source': 'Comparitech'},
{'date_accessed': '2025-11-05',
'source': 'Habib Bank AG Zurich Public Notice'}],
'response': {'communication_strategy': 'Public notice posted on the bank’s '
'website',
'incident_response_plan_activated': True,
'remediation_measures': 'Ongoing investigation to assess and '
'mitigate impact',
'third_party_assistance': ['Cybersecurity Experts',
'Forensic Experts']},
'stakeholder_advisories': 'Public notice posted on the bank’s website',
'threat_actor': 'Qilin Ransomware Gang',
'title': 'Unauthorized Access and Ransomware Attack on Habib Bank AG Zurich',
'type': ['Unauthorized Access', 'Ransomware Attack', 'Data Breach']}