Qilin ransomware gang claims breach at Habib Bank AG Zurich

Qilin ransomware group claims a breach of the Switzerland-based international financial institution Habib Bank AG Zurich. The bank operates an international network spanning Switzerland, the United Kingdom, the United Arab Emirates, Hong Kong, Kenya, South Africa, and Canada, and representative offices in Bangladesh, China, Pakistan, and Turkey. 

On November 5, 2025, the ransomware gang listed Habib Bank AG Zurich on their dark web leak site, announcing the theft of over 2.5 terabytes of data comprising nearly 2 million files.

According to screenshots released by the attackers and analyzed by cybersecurity researchers, the compromised data inclusde:

• Bank account balances
• Passport numbers
• Transaction histories and notifications revealing payment amounts and merchant locations
• Internal tool source code and proprietary systems documentation
• Customer account usage data exposing where and how customers used their bank accounts for purchases

The number of affected individuals is not disclosed. The exposure of internal source code could reveal security vulnerabilities in the bank's systems that other threat actors might exploit. 

The bank has acknowledged the incident and stated that it is implementing security measures to mitigate immediate risks and prevent further unauthorized access to its systems. Habib Bank AG Zurich has launched an investigation to determine the precise scope of the breach and identify exactly which customer accounts and data categories have been compromised.