What did attackers break into --> broke into massive documents, data and documents were posted online to the whistleblower site Cryptome. The leaked data, which totals 1.4GB... those files included internal corporate files and sensitive financial data for QNB's customers.
How did the attackers break into it --> They probably broke the security measures or found a bug or loophole in the security system of the bank, however, no data was provided on how the breach was made.
Who was impacted --> Customers of the bank were impacted as their personal data which was shared online turned out to be accurate and authentic according to researchers and although the data posted doesn't give enough authority to hackers to log into customers' accounts due to authorization via mobile number. Customers might suffer PII exposure as sensitive data such as credit card numbers were some of the things that got leaked.
How was it investigated --> The bank allegedly opened an investigation to find who did this but it wasn't made public as it is QNB's group policy not to comment on reports circulated via social media, which is how this issue first became public
What did the attackers break into --> CoronaVirus contact tracing apps have become a target for cybercriminals in a lot of countries, including Qatar. Hackers were able to obtain data about millions of users and could potentially access names, national IDs, health status and location data. which is very sensitive
How did the attackers break into it --> Since the app was designed in a rush, cybersecurity concerns weren't taken into account and so contact tracing was configured poorly. Privacy was not prioritized during development and the app obtained too much irrelevant but sensitive data.
Who was impacted --> Again, the users were the ones impacted as highly confidential data such as their locations and national IDs was obtained and this data is classified as data that would enable identification of a certain user.
How was it investigated --> Not enough data was provided about the investigations carried in within the country. However, outer investigations covered the reasons this initially happened and that is because of the data-hungry approach the app was implementing alongside other factors.