UAE Bank Victimized by Data Breach and Bitcoin Ransom

Another customer data breach is in the news, only this time, the results are worse than we’re used to. The breach occurred in the United Arab Emirates, and the attack is being labeled as the biggest in the country’s history.

According to, Sharjah bank in the UAE was the victim of a massive hack that took place on November 18th of this year. Customer data was held by “Hacker Buba,” the alias of the alleged attacker. Buba leaked the information on social media outlets and explained that he wouldn’t stop until the bank agreed to pay the bitcoin ransom he had set forth.

The bank’s chief financial and operating officer explained:

“Yes, there was a data breach and we have been contacted by Hacker Buba. He is asking for money but I cannot reveal how much. This is blackmail. We have reported the matter to UAE Central Bank. The Telecom Regulatory Authority’s (TRA) Computer Emergency Response Team (aeCERT) is investigating… We won’t give in to any extortion threat. In any case there has been no financial loss. All what this man has is some customer information and he’s trying to use it as a bargaining chip.”

Following the initial attack, Twitter suspended Buba’s account, but it appears the hacker had a few tricks up his sleeve. The following day, Buba was back on Twitter, and in an act of revenge, had allegedly uploaded account statements of approximately 500 bank customers in a single tweet. He then went about texting and emailing the bank’s customers, telling them that their accounts were in his hands and that they’d better pay his ransom if they didn’t want their information released publicly online.

Thus far, the hacker’s whereabouts have been unknown, although regional director of MENA, Intel Security Hamed Diab recently explained:

“Hacker Buba’s Twitter location points to a county in Hungary, his previous posts are in Indonesian language while the SMS sent to customers were from a cellphone with a UK number.”