Deutsche Bank, ING Bank, Postbank, and Comdirect recently announced they suffered customer data leaks. Reportedly, the four European giant banks were using the same third-party business vendor, who fell victim to a MOVEit data-theft attack.
The Attack Revealed
On July 3rd, Deutsche Bank and Postbank announced their customers about the data leak. The notice revealed that the threat actors succeeded to exploit a vulnerability in the software of a third-party vendor they did not name.
According to Deutsche Bank, the incident didn`t affect their systems. So, it appears that hackers did not have direct access to the accounts.
Only customers who used the account switching service of either Deutsche or Postbank in 2016 through 2018, and 2020, are said to be affected by the leak.
However, none of the banks revealed how many customers did the data breach expose.
Further on, according to German media, the data breach also affected ING, Commerzbank, and Comdirect banks. While the other banks did not reveal the third-party vendor`s identity, Commerzbank stated that the breached service provider was Majorel. Majorel also announced they were the target of a cyberattack that exploited a vulnerability in the MOVEit file transfer system.
The Exposed Data and Further Risks
Deutsche Bank notified its customers that a third-party vendor exposed some of their personal data due to a cyberattack. Threat actors got access to the complete name and the International Banking Account Number (IBAN). This data enables a malicious actor to make unauthorized direct debits from the compromised account.
Additionally, specialists warn that hackers might try to gain other personal data and use it in phishing attacks and password theft attempts. The impacted banks urged customers to closely monitor their transactions and account statements and swiftly announce the bank in case they detect any unauthorized transactions
If you liked this article, follow us on LinkedIn, Twitter, Facebook, and Youtube, for more cybersecurity news and topics.