Habib Bank AG Zurich today said it found evidence of unauthorized access to its corporate network.
On November 5, 2025, a ransomware gang called Qilin listed the bank on its data leak site and said it stole 2.56 TB of data.
Habib Bank AG Zurich had not acknowledged a cyber attack until now.
“We experienced unauthorised external access to our corporate network,” says a notice posted on the bank’s website today. “Our banking services remain unaffected, fully operational and available to all our customers. To date, no persistent access has been identified.”
Habib Bank AG Zurich has not verified Qilin’s claim. We do not know if the bank paid a ransom, how much Qilin demanded, or how attackers breached the bank’s network. Comparitech contacted Habib Bank AG Zurich for comment and will update this article if it replies.
“Our team is working around the clock – supported by cybersecurity and forensic experts – to further assess and mitigate the impact of this incident. As part of our ongoing investigation, we are looking into the extent to which data has been exposed,” today’s notice says.
Who is Qilin?
Qilin is a ransomware gang that started taking credit for attacks on its data leak site in late 2022. Based in Russia, Qilin mainly targets victims through phishing emails to spread its ransomware. It runs a ransomware-as-a-service business in which affiliates pay to use Qilin’s malware to launch attacks and collect ransoms.
The group went on a rampage this year. In 2025 to date, Qilin has taken credit for 792 ransomware attacks. Of those claims, 133 were confirmed by the targeted organizations.
31 of Qilin’s confirmed attacks hit banks and other businesses in the financial sector. 22 of those stemmed from a single attack on a South Korean IT provider in September 2025, which led to breaches at a large number of asset management companies.
The following financial firms all disclosed data breaches for which Qilin took credit:
- Hardman Johnston Global Advisors LLC, US, March 2025
- MKA Accountants, Australia, May 2025
- ASEFA Seguros, Spain June, 2025
- Skeggs Goldstien, Australia, June 2025
- VENTURE Credit Union Co-operative Society Limited, Trinidad & Tobago, July 2025
- Welcome Financial Group Inc., South Korea, August 2025
- Swan Group, Mauritius, June 2025
Ransomware attacks on banks
Comparitech researchers logged 84 confirmed ransomware attacks on banks and other financial firms in 2025 to date. Those attacks compromised nearly 1.6 million records.
Other such recently confirmed attacks include:
- Money matters notified 1,573 people of a July 2025 data breach claimed by Cephalus
- Wakefield & Associates notified at least 26,700 people of a January 2025 data breach claimed by Akira
Ransomware attacks on US financial firms can lock down computer systems and steal data. The attackers then demand a ransom in exchange for deleting the data and a key to restore infected systems. If the firm refuses, it faces extended downtime, permanent data loss, and putting data subjects at increased risk of fraud.
About Habib Bank AG Zurich
Founded in 1967, Habib Bank AG Zurich is a privately owned bank based in Zurich, Switzerland. The bank employs nearly 8,000 people at more than 500 offices worldwide.
