Jordan Kuwait Bank (JKB), one of Jordan’s leading financial institutions, has reportedly been targeted by the Everest ransomware group in a data breach involving over 11GB of sensitive internal information. Hackers are demanding a ransom to prevent public exposure of the stolen data.
Ransomware Group Claims Theft of Employee Data and Internal Bank Files
On May 26, a post appeared on a dark web site operated by the Everest ransomware group. The hackers claim they exfiltrated 11.7GB of internal data from JKB, including personal details of 1,003 employees.
The bank, headquartered in Amman, runs 64 branches in Jordan and one in Cyprus. It is known for pioneering digital banking services in the country.
Hackers have issued a five-day deadline—until May 31—for JKB to respond. This tactic is consistent with standard ransomware extortion practices designed to apply pressure on victims.
While no download link was provided, the attackers published screenshots showing employee records. These include full names, family details, job titles, dates of birth, nationalities, work emails, phone extensions, and bank account details. Though passport data was not shared, the leaked content includes personally identifiable information (PII) and limited financial details.
Exposure of Employee Information Poses Security Risks Beyond Privacy
Cybersecurity researchers warn that the breach extends beyond personal privacy concerns. The exposure of internal employee data can be exploited to conduct identity theft, launch highly targeted phishing campaigns, and enable social engineering attacks. Family-related details increase the risk of attackers bypassing identity verification protocols or manipulating employees through relatives.
Researchers emphasize that this type of breach represents a serious operational security threat for the bank. It could potentially open the door to deeper infiltration into internal banking systems, posing long-term risks to both infrastructure and customer trust.
“It enables threat actors to launch highly targeted phishing and social engineering attacks, and it could lead to the bank’s internal systems,”
said the research team.
“For the bank, it’s a potential threat to operational security, not a privacy issue,”
they added.
As of now, Jordan Kuwait Bank has not released any public statement regarding the incident. Cybernews has reached out to the institution for comment, but no reply has been received.
