Deutsche Bank AG has confirmed that some customers’ data could be at risk following a data breach that is expected to have stemmed from, you guessed it, a MOVEit attack.
A spokesperson of the bank told BleepingComputer: “We have been notified of a security incident at one of our external service providers, which operates our account switching service in Germany.”
Because the statement indicates that more than 100 other companies have also been affected across 40 other countries, many have deduced that the incident relates to the attacks that have plagued MOVEit customers in recent weeks.
Deutsche Bank data breach
Despite MOVEit-related breaches hitting the headlines in recent weeks, many longstanding Deutsche Bank customers are potentially affected. Those using its account switching service in 2016, 2017, 2018, and 2020 could have had some data exposed.
Deutsche Bank promises to have informed affected customers accordingly. The bank also confirmed in an email to TechRadar Pro that "affected customers in Germany can return unauthorized direct debits for up to 13 months" and that "the money is refunded by the bank" itself.
The bank’s gesture implies that at least some payment information had been leaked. Customers may also want to consider using identity theft protection to further enhance their precautionary measures.
While it is so far unconfirmed whether this security incident related to the MOVEit attacks carried out by the Clop ransomware gang, the affects have been especially widespread. Other banking institutions have been caught up in the action in numerous countries, along with hotel chains and even government agencies.
Cybersecurity experts have called for better measures to be put in place, stressing that personally identifiable information should not be shared using third-party services by large institutions that handle swathes of such information, such as banks and governments.
- Check out our roundup of the best malware removal
