Qatar National Bank, the largest bank in the Middle East and Africa region, suffered a data breach in July 2015 that became public in April 2016 when the stolen data was published on a file-sharing site. The dataset comprised approximately 15,000 documents totaling 1.4 gigabytes and detailed more than 100,000 customer accounts. Analysis suggested the attack began with a SQL injection flaw in the bank's web infrastructure, which gave the attacker access to internal databases that were then progressively exfiltrated.\n\nThe exposed records included bank account numbers, customer names, dates of birth, government-issued identification, addresses, phone numbers, email addresses, IP addresses, gender, marital status, language, security questions and answers, transaction histories, account passwords, and PINs. Have I Been Pwned indexed approximately 89,000 unique email addresses among the records. The data also contained folders flagged with labels suggesting connections to Al Jazeera staff and intelligence services, drawing additional regional press attention beyond conventional breach coverage.\n\nFor affected individuals, the practical risk profile is exceptionally severe because the leaked dataset combines complete account credentials with transaction histories. The combination of bank account number, PIN, security question answers, and password supports direct account takeover by anyone in possession of the data. Government identifier and demographic fields support identity-verification bypass at other financial institutions. While much of the original credential data is now a decade old and presumably reset, the demographic and transaction-history records remain durable identity-fraud assets. Anyone who held a QNB Group account during the affected period should treat their identity data as exposed and remain alert to any unsolicited contact referencing past Qatar-region banking activity.

Financial institutions store highly sensitive data including identity documents, account details, transaction history, and authentication credentials.

QNB Group has continued to operate as one of the leading banks in the Middle East and Africa region in the years since the 2015 incident, and the 2016 public exposure of the data did not appear to materially disrupt its business growth. The bank issued a statement at the time emphasizing that its core banking and payment systems were not compromised. QNB has not been publicly tied to a further large-scale data breach disclosure since then. Reporting at the time noted that the leaked dataset included flagged entries for individuals associated with Al Jazeera staff and a separate folder labeled 'spy, intelligence' that drew significant local and regional media attention.