Deutsche Bank customer data exposed in latest MOVEit exploit

Deutsche Bank AG has confirmed that a data breach on one of its service providers has exposed customer data. The bank identified the incident as a MOVEit Transfer data breach attack, according to a statement to Bleeping Computer. 

“We have been notified of a security incident at one of our external service providers, which operates our account switching service in Germany,” a Deutsche Bank spokesperson told Bleeping Computer. 

MOVEit is a file transfer software by Progress Software.

The threat actors gained access to the data of thousands of bank customers whose requests to change accounts had been transferred to an external data provider called Majorel Germany, according to Bloomberg. 

The account switching service provider, Majorel Germany, told local German media outlets that it had been the target of a cyberattack. “As part of a security gap in the MOVEit software, which affects many companies around the world, Majorel Germany has become the target of a hacker attack,” Majorel told the media outlets.  

The exposed data included customer names and account numbers. Deutsche Bank also warned that more than 100 companies in over 40 countries were potentially affected.

Linked to MOVEit software exploit

While targeting Majorel Germany, threat actors took advantage of an SQL injection vulnerability found in the MOVEit software to gain access to the data. The vulnerability had been exploited before the company sent out a notification about it on May 31. Customers of the software were advised to check for indicators of unauthorized access over at least the prior 30 days.

As of May 31, there were about 2,500 instances of MOVEit Transfer exposed to the public internet, the majority of which seemed to be in the US. The attacks have been linked to the Russia-based Clop ransomware gang. 

“The attack took place before the software’s vulnerability became public and only affected a single system running MOVEit software in Germany,” the bank said in the statement, adding that Deutsche Bank’s systems were unaffected. 

Other German banks were also affected

The data leak at the account switching service provider has also affected Postbank, Comdirect and ING, according to German news outlet Handelsblatt.

“According to the current state of knowledge, a low four-digit number of customers who have used the statutory account switching assistance when opening a current account with us are affected,” ING told the publication. 

While Commerzbank confirmed that customers of its Comdirect brand were affected by the data leak. 

Last month, the personal data of over 45,000 public school students was compromised in a breach involving MOVEit, according to the New York City Department of Education. The data impacted included Social Security numbers and employee ID numbers.

Two arms of the US Department of Energy (DOE), the US Department of Agriculture and the Office of Personnel Management, have also been targeted by the attacks.  Meanwhile, the US State Department’s Rewards for Justice program has announced up to a $10 million bounty for information that can be proof to link the Clop ransomware attacks to a foreign government.