MOVEit Hack Exposes Deutsche Bank’s Client Data

Multiple banks affected by the same service provider attack

Deutsche Bank AG, one of the world’s largest financial institutions, has confirmed a data breach at one of its service providers, leading to the exposure of customer data. The breach is believed to be part of a larger MOVEit Transfer data-theft attack.

Bank spokesperson comments on the incident: “We have been alerted to a security breach at one of our external service providers, which manages our account switching service in Germany.”

The statement further suggested that the incident could be linked to the recent wave of MOVEit attacks orchestrated by the Clop ransomware group. “In addition to our service provider, we understand that over 100 companies across more than 40 countries could potentially be affected,” the spokesperson added.

Despite the breach at its service provider, Deutsche Bank assured that its own systems remained unaffected at all times. The bank revealed that the breach impacted German customers who utilised its account switching service in 2016, 2017, 2018, and 2020.

The bank clarified that the breach resulted in the exposure of a limited amount of personal data. The exact number of affected clients remains undetermined. In response to the potential risk, Deutsche Bank has extended the period for unauthorized direct debit returns to 13 months, providing customers with sufficient time to identify, report, and receive reimbursement for any unauthorized transactions.

Other Known Victims

German media reports suggest that the security breach at the service provider, used by Deutsche Bank, also affected other major banks and financial service providers, including Commerzbank, Postbank, Comdirect, and ING.

Commerzbank confirmed that the breached service provider is ‘Majorel,’ which also independently confirmed that it had been targeted in a cyberattack exploiting a vulnerability in the MOVEit software.

While Commerzbank stated that none of its customers were affected, it did acknowledge that its subsidiary, Comdirect, was indirectly impacted. Postbank confirmed a limited impact from the incident but did not disclose any client numbers.

ING, on the other hand, announced that it was aware of a cyberattack on a service provider that it uses, but did not provide further details.

More Details about the Attack

The MOVEit attack, which came to light more than a month ago and was allegedly carried out by a criminal hacking group known as Clop, has resulted in the theft of data from dozens of organisations and government agencies in the US and Europe. Notable victims include oil giant Shell, British Airways, along with banks, manufacturing firms, and universities.

The breach happens as banks are under pressure to strengthen their IT defenses amid a rising concern that cyber threats are getting more sophisticated and more frequent. The European Central Bank will hold its first cyber stress test of Europe’s banks early next year to map resilience in the industry.

If you liked this article, we advise you to read our previous article about the newly emerged as well as the recently arrested threat actors. Follow us on Twitter and LinkedIn for more content.

Stay up to date with exposed information online. Kaduu with its cyber threat intelligence service offers an affordable insight into the darknet, social media and deep web.