Four major European banks – Deutsche Bank, ING Bank, Postbank, and Comdirect – are reporting customer data leaks. They’re the result of using the same third-party business vendor, breached in the Cl0p MOVEit hacks.
Both Deutsche Bank and its retail arm Postbank announced the customer data leak in a form letter sent to customers on July 3rd, according to German media outlet General-Anzeiger. The customer notice stated that attackers had exploited a vulnerability in the software of a service provider, but did not name the service provider at the time.
According to the letter, the customers’ first name, last name, and IBAN (international banking account number) were stolen – enough information for a criminal to make unauthorized direct debits from an account. However, a Deutsche spokesperson told media outlets that the criminals could not access accounts directly.
Account Switching Service
Only customers who used the account switching service of either Deutsche or Postbank in 2016 through 2018, and 2020, are said to be affected by the leak. Neither Deutsche or Postbank have said how many customers may have been affected by the leak.
Ironically Deutsche, who acquired Postbank in 2008, also announced on Monday that it had finally completed a more than decade-long process of integrating both banking systems under one roof. The Deutsche Bank spokesperson said the data leak had nothing to do with the move of Postbank’s customer data to the joint IT platform, according to German media outlets.