An unknown cybercriminal is attempting to extort customers of a Liechtenstein bank, threatening to send potentially incriminating customer financial information to government authorities and the media if the victims don't pay 10 percent of their balances.

The affected institution, Valartis Bank Liechtenstein, issued a statement on Sunday, noting that the attacker (or attackers) obtained information related to payment orders – primarily of a corporate nature – that took place prior to May 2013. The breach of Valartis' e-banking system occurred via an external email contact, according to a corporate statement issued earlier this month and attributed to Dr. Andreas Insam, the bank's CEO.

Customer funds remain intact because the core system of the bank was not infiltrated, the bank affirmed, as did its parent company, Hong Kong-based Citychamp Watch & Jewellery Group Ltd.

“The attacker did not obtain details of the account statement or asset data,” Fong Chi Wash, CFO of Citychamp, said in a widely reported company statement.