The service provider of a German bank suffered a data breach

July 17, 2023

A German bank admitted that a data breach occurred at one of its service providers, exposing its customers' data. Based on reports, the alleged attack is due to a MOVEit Transfer exploit.

The financial institution also said that the service provider is one of its external third-party affiliates and operates its account switching service in Germany. The company also said that over 100 firms in more than 40 countries could have suffered the same impact. Researchers believe that the bank is referring to the latest Clop ransomware exploit of the MOVEit vulnerability.

Fortunately, the banking institution said that its own systems did not suffer any compromise, since its service provider was the victim of the attack.

This German-based bank is one of the most prominent financial organisations in the world, with total assets of $1.5 trillion and an annual net income of approximately $6.3 billion.

The bank said they have been using the account switching service since 2016.

According to investigations, the bank received a report from impacted users in Germany who adopted their account-switching service in 2016. The bank stated that only a limited amount of personal information was leaked due to the data breach.

The bank could not yet determine the number of impacted clients, but they explained that they have all the information on the direct impact of the attack. They will now also employ precautionary measures to address the incident.

Currently, the bank will investigate the cause of the data leak and take action to improve its security to prevent similar incidents that could affect its customers. The European bank assured its customers that the attackers could not access accounts using the leaked data. However, these threat actors could try to execute unauthorised direct debits.

Therefore, the bank has extended the period for returning unauthorised direct debits to about a year. This extension could allow its customers to identify, report, and receive reimbursement for unauthorised transactions.

Cybersecurity researchers said that the security incident on the undisclosed service provider used by the bank also impacts other central banks and financial service providers that adopt its service.
