UAE banks plagued by data breach, Bitcoin ransom demands

     Yet another customer data breach is in the news, only this time, the results are worse than anything we’ve experienced before. This time the breach took place in the United Arab Emirates, and the attack is being labeled as the worst in the country’s history.

     According to Bitcoinist.net, Sharjah Bank in the United Arab Emirates was the victim of a major hacking incident that occurred on November 18 of this year. The customer data was held by "Hacker Buba", an alias of the alleged attacker.

     Buba took to social media to reveal the information, explaining that he would not stop until the bank agreed to pay his proposed ransom in bitcoin.

The bank’s chief financial officer and operations director explained:

     “Yes, the data has been compromised and we have been contacted by the hacker Buba. He has demanded money from us, but we cannot reveal the amount. This is extortion and we have reported the matter to the UAE Central Bank. The Telecommunications Regulatory Authority’s (TRA) Computer Emergency Response Team (aeCERT) is investigating. We will not succumb to any extortion threats. In any case, no financial loss has occurred. All this person has is customer information and he is trying to use it as a bargaining chip.”

     After the initial attack, Twitter suspended Buba's account, but it seems the hacker had some tricks up his sleeve. The next day, Buba returned to Twitter and retaliated by uploading the account statements of about 500 bank customers. He then sent text messages and emails to bank customers, telling them that their accounts were in his possession and that if they didn't want their information published publicly online, they'd better pay the ransom.

     To date, the hackers’ whereabouts are unknown, although Hamed Diab, regional director for the Middle East and North Africa at Intel Security, recently explained:

     "Buba's Twitter location is in a county town in Hungary, his previous articles were published in Indonesian, and the text messages sent to customers came from a mobile phone with a British number."