Deutsche Bank confirms provider breach exposed customer data

by DTM | Posted on

Deutsche Bank AG has confirmed that some customers’ data could be at risk following a data breach that is expected to have stemmed from, you guessed it, a MOVEit attack.

A spokesperson of the bank told BleepingComputer: “We have been notified of a security incident at one of our external service providers, which operates our account switching service in Germany.”

Because the statement indicates that more than 100 other companies have also been affected across 40 other countries, many have deduced that the incident relates to the attacks that have plagued MOVEit customers in recent weeks.

Deutsche Bank data breach

Despite MOVEit-related breaches hitting the headlines in recent weeks, many longstanding Deutsche Bank customers are potentially affected. Those using its account switching service in 2016, 2017, 2018, and 2020 could have had some data exposed.

Read more

> These are the best endpoint protection software tools around

> Over a million NHS users have data leaked following ransomware attack

> DMV data on millions of Americans leaked – make sure you aren’t affected in latest MOVEit breach

Deutsche Bank promises to have informed affected customers accordingly (via BleepingComputer), as well as extended their unauthorized direct debit returns period to 13 months which should give them enough time to identify fraudulent activity.

The bank’s gesture implies that at least some payment information had been leaked. Customers may also want to consider using identity theft protection to further enhance their precautionary measures.

Precise information about the number of customers affected remains unconfirmed, and Deutsche Bank has not yet responded to TechRadar Pro’s request for comment.

While it is so far unconfirmed whether this security incident related to the MOVEit attacks carried out by the Clop ransomware gang, the affects have been especially widespread. Other banking institutions have been caught up in the action in numerous countries, along with hotel chains and even government agencies.

Cybersecurity experts have called for better measures to be put in place, stressing that personally identifiable information should not be shared using third-party services by large institutions that handle swathes of such information, such as banks and governments.