Deutsche Bank confirms provider breach exposed customer data

Deutsche Bank AG has confirmed to BleepingComputer that a data breach on one of its service providers has exposed its customers' data in a likely MOVEit Transfer data-theft attack.

"We have been notified of a security incident at one of our external service providers, which operates our account switching service in Germany," a spokesperson told BleepingComputer.

"In addition to our service provider, we understand that more than 100 companies in more than 40 countries are potentially affected," reads the statement, hinting that the incident is related to Clop ransomware's wave of MOVEit attacks.

"Deutsche Bank's systems were not affected by the incident at our service provider at any time," assured the banking giant.

The public German bank, which is one of the largest in the world, having total assets of $1.5 trillion and an annual net income of $6.3 billion, stated that the incident impacted customers in Germany who used its account switching service in 2016, 2017, 2018, and 2020.

The bank said that only a limited amount of personal data was exposed due to the security incident.

The number of impacted clients has not been determined, but Deutsche Bank said they have all been informed accordingly on the direct impact and what precautions they should take regarding their exposed data.

Meanwhile, the bank is investigating the causes of the data leak and taking targeted action to improve its data security precautions to avoid similar incidents from impacting its clients in the future.

Deutsche Bank said that cybercriminals cannot gain access to accounts using the exposed data, but they might try to initiate unauthorized direct debits.

In response to this risk, the bank has extended the period of unauthorized direct debit returns to 13 months, allowing its customers ample time to identify, report, and receive reimbursement for unauthorized transactions.

Other banks impacted

According to German media outlets, the security incident on the unnamed service provider used by Deutsche Bank also impacted other major banks and financial service providers, including Commerzbank, Postbank, Comdirect, and ING.

Handelsblatt received a statement from Commerzbank confirming that the breached service provider is 'Majorel,' who also independently confirmed that it had been the target of a cyberattack leveraging a flaw in the MOVEit software.

Commerzbank told the German news outlet that none of its customers were impacted, but its subsidiary, Comdirect, was indirectly affected.

Postbank was limited to confirming limited impact from the incident, not disclosing any client numbers.

ING announced that it was aware of a cyberattack on a service provider that impacted a "low four-digit number of customers" who used account-switching services.

BleepingComputer has requested a comment from all impacted financial service providers but has yet to receive a response.