In recent days, information about users of [Bank Melli Iran
] has been leaked online and made publicly available. In this report, we take a closer look at the leak, the type of data exposed, its possible source, and the impact on users’ privacy.

Narrative
In January 1400, a database containing information on more than 70 million real and legal customers of the National Bank of Iran was put up for sale on dark web markets. A few days later, part of this database was published on a hacker forum. This data included the names, surnames, father’s names, dates of birth, national ID numbers and other information of the customers. In a statement, the public relations department of the National Bank, while emphasizing the use of information security equipment, controls, policies and procedures based on standards and upstream methods and requirements, denied the published claims regarding the leakage of customer information and added, “Investigations are currently ongoing, but no conclusions have been reached regarding the veracity of this claim.

Amount of data stolen:69,900,000